This risk category describes the risk of negative effects that may occur to the individual when information is transferred from one area of life to another. Decontextualization occurs in the case groups of context deficit (e.g. taking information from tax authorities into a credit check) and context infiltration (e.g. using driver's license images for criminal investigations). From the list in Rec. 75 GDPR, loss of control over personal data and loss of confidentiality of data subject to professional secrecy fall into this risk category. In this context, it is also important to note that the GDPR interprets the concept of legitimate interest in terms of the reasonable expectations of the data subject based on his or her relationship with the controller (Rec. 47 sent. 1 and Rec. 50 sent. 6 GDPR).