Which situation typically does NOT require consent for processing personal data?

The situation that typically does not require consent for processing personal data relates to legal obligations and public interests. In many jurisdictions, particularly under regulations like the General Data Protection Regulation (GDPR), processing personal data may be lawful without explicit consent if it is necessary for compliance with a legal obligation or for performing a task carried out in the public interest.

This means that if an organization is required to process personal data to comply with a legal requirement (such as tax obligations or public health measures) or to perform a function that benefits the public (like government services), it can do so without needing consent from the data subjects. This is significant, as it enables necessary actions to be taken to protect public interests or adhere to legal standards without the potential complications or delays that seeking consent might entail.

In contrast, marketing communications to existing customers typically rely on prior consent for direct advertising purposes, processing for a public task may also require balancing the need for consent against the public interest, and sharing with affiliates often also necessitates obtaining consent unless there is a legal basis justifying the action.