Public Authority

An organization or body that operates as part of or exercises authority delegated by government, including government agencies, regulatory bodies, public institutions, and entities performing public functions. Public authorities have specific obligations and considerations under privacy laws. Under GDPR, public authorities cannot rely on legitimate interests as a legal basis for processing (Article 6(1)(f) exception), must appoint Data Protection Officers in most cases (Article 37(1)), and may have different obligations regarding data retention and access. They often process data under legal obligation or public interest grounds. Many jurisdictions have separate privacy laws specifically for public sector organizations (such as Canada's Privacy Act for federal government institutions or FOIA in the U.S.). Public authorities must balance transparency and accountability with privacy protection, often facing tension between public records access laws and data protection requirements. They typically have heightened obligations regarding fairness, transparency, and respecting individual rights due to the power imbalance between citizens and government.