A legitimate interest is a use of personal information that is needed to fulfill a service. This would be something like a session cookie for storing the contents of a shopping cart, a site's preferences, or login information. Using a cookie is the only way to provide that, and the user is basically implicitly asking for something to be stored. It would be silly to have a consent checkboxes like "before you can shop with us we need your permission to register what you want to buy" or "you give us permission to share your address details with the delivery company so they can actually deliver stuff to you".
Annoyingly, legitimate interest covers more than that - it also covers opt-in-by-default to direct marketing. Yes, if a customer registers an account or makes a purchase, you can opt them in by default on the basis of "legitimate" interest[0].
Yeah, the problem with "legitimate interests" is they're being used for "build a marketing profile of you" and "send you targeted advertisements" anyway, with the excuse that they're interested in doing that as the basis of their business.
I'm not saying I agree with it, but just for the sake of playing devil's advocate - what if the business legitimately makes its revenue by serving ad content on it's site to it's users?
> A legitimate interest is a use of personal information that is needed to fulfill a service.
No, it's not. If you need it to fulfill a service, then you are covered by (b) of Article 6 GDPR I cited earlier:
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
Legitimate interest under (f) would be something that is not strictly needed to provide the service but (1) beneficial to the processor and (2) does not unduly negatively affect the data subject.
