If you are in Europe or the UK, your personal data may be transferred to the US or other countries, and Databricks states it uses Standard Contractual Clauses as the legal mechanism to make this transfer lawful under EU and UK law.
This analysis describes what Databricks's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
International data transfers from the EU require specific legal safeguards and the adequacy of Standard Contractual Clauses as a transfer mechanism has been the subject of ongoing legal scrutiny, meaning the practical protection afforded depends on Databricks' implementation.
Interpretive note: The adequacy of Standard Contractual Clauses as a transfer mechanism may depend on whether supplementary measures are implemented, and the DPF's long-term legal stability remains subject to legal challenge.
Restructured for clarity by separating general transfer statement from specific EEA/UK/Switzerland protections; simplified language and removed incomplete sentence about 'approved by the'.
View full change record →Your personal data may be transferred outside the EU or UK to countries with different privacy standards, with Databricks relying on Standard Contractual Clauses and the EU-US Data Privacy Framework as the stated legal basis for doing so.
How other platforms handle this
Your personal information may be transferred to, stored, and processed in the United States or other countries outside of your country of residence, which may have data protection laws that are different from those in your country.
Your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers and partners operate. By using our Services, you acknowledge that your personal information may be transferred to countries outside your country of residence, in...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
Databricks has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Databricks may transfer your personal information to countries other than the country where you are located. These countries may not have the same data protection laws as your country. We transfer personal information to recipients in the United States and other countries where Databricks or its service providers operate. When transferring personal information from the EEA, Switzerland, or the United Kingdom, we use appropriate safeguards such as Standard Contractual Clauses.— Excerpt from Databricks's Databricks Privacy Notice
REGULATORY LANDSCAPE: This provision engages GDPR Chapter V governing international data transfers, specifically Articles 44 through 49. The use of Standard Contractual Clauses adopted by the European Commission and the EU-US Data Privacy Framework (effective July 2023) are the stated transfer mechanisms. The UK's International Data Transfer Agreement is the analogous mechanism for UK transfers. EU supervisory authorities and the UK ICO are the relevant enforcement bodies. The adequacy of these mechanisms has been subject to legal challenge and may require evaluation under current guidance. GOVERNANCE EXPOSURE: Medium. The reliance on SCCs is standard practice but requires Databricks to conduct and maintain transfer impact assessments for each transfer relationship, particularly to the US. The EU-US Data Privacy Framework self-certification, if applicable to Databricks, should be verified at the DPF list. Swiss transfers require separate attention given Switzerland's own data transfer requirements. JURISDICTION FLAGS: Heightened exposure for EU/EEA organizations whose data is transferred to Databricks in the US, particularly given ongoing privacy advocacy litigation targeting SCCs. UK organizations should verify that Databricks' UK IDTA or addendum is in place. Swiss organizations should confirm compliance with Switzerland's revised Federal Act on Data Protection. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should request copies of executed SCCs or confirm DPF self-certification status and should review whether transfer impact assessments have been conducted and are available for inspection. The DPA should specify the applicable transfer mechanism for each category of data transferred. COMPLIANCE CONSIDERATIONS: Compliance teams should verify Databricks' current status on the EU-US Data Privacy Framework list at dataprivacyframework.gov, confirm that SCCs used are the current approved versions adopted in 2021, and assess whether supplementary measures are required based on the specific data categories and transfer contexts involved.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
International data transfers from the EU require specific legal safeguards and the adequacy of Standard Contractual Clauses as a transfer mechanism has been the subject of ongoing legal scrutiny, meaning the practical protection afforded depends on Databricks' implementation.
Your personal data may be transferred outside the EU or UK to countries with different privacy standards, with Databricks relying on Standard Contractual Clauses and the EU-US Data Privacy Framework as the stated legal basis for doing so.
ConductAtlas has identified this type of provision across 83 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Databricks.