What are the institutional and regulatory implications of this document?

REGULATORY EXPOSURE: This notice directly engages GDPR (EU) 2016/679 including Arts. 6, 13, 14, 17, 20, 21, and 28; UK GDPR; CCPA §1798.100 et seq. as amended by CPRA; and implicitly references other state privacy laws (Virginia CDPA, Colorado CPA, Connecticut CTDPA). Enforcement authorities include EU Data Protection Authorities (lead DPA likely the Irish DPC given Databricks' EU operations), UK ICO, and California Privacy Protection Agency (CPPA). Primary compliance mechanisms are a OneTrust …

How does Databricks's Databricks Privacy Notice affect users?

Databricks collects a broad range of personal data including contact details, device identifiers, IP addresses, and behavioral data from website visitors, event attendees, and platform users, and shares this data with advertising networks, analytics providers, and third-party service vendors. Customers who upload data to the Databricks platform should note their data is governed by a separate agreement, not this notice, which may limit their visibility into how that data is processed. You can s…

How often is Databricks's Databricks Privacy Notice updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Databricks updates this document?

Yes. Watcher subscribers ($9.99/month) can add Databricks to their watchlist and receive same-day email alerts whenever this document or any other Databricks document changes.

Databricks Privacy Notice — Databricks

9 Total

1 High severity

7 Medium severity

1 Low severity

Summary

This is Databricks' privacy policy, explaining how the company collects your name, email, company details, IP address, device data, and behavioral data when you visit their website, attend events, or use their data platform products. The most important thing to know is that Databricks shares your personal data with advertising partners, analytics providers, and third-party vendors, and California residents have the right to opt out of the 'sale' or 'sharing' of their personal data for cross-context behavioral advertising. You can exercise your rights — including data deletion, access, or opt-out of data sharing — by submitting a request at https://privacyportal.onetrust.com/webform/2b246c03-4c7b-479a-9ac6-a671c05f25b6/draft/e3c5c9cb-5e70-4073-b14e-5da0ae2ef640 or emailing privacy@databricks.com.

Technical Summary

This document is Databricks' Privacy Notice governing the collection, use, storage, and sharing of personal data by Databricks, Inc. in connection with its website, marketing activities, and data platform products, relying on legal bases including consent, legitimate interests, and contractual necessity under applicable law. The most significant obligations created include Databricks' duty to respond to data subject rights requests (access, deletion, correction, portability, opt-out of sale/sharing), to maintain data retention schedules, and to provide notice of data sharing with third-party service providers, advertising partners, and business transaction counterparties. A notable provision is that Databricks explicitly distinguishes between its role as a data controller (for website visitors and prospects) and data processor (for customer-uploaded data under a separate agreement), which limits the scope of this notice and may create gaps in consumer understanding of how their data is handled within the platform. The notice engages GDPR (EU/EEA residents), UK GDPR, CCPA/CPRA (California residents), and references compliance with additional global privacy frameworks; Databricks designates EU and UK representatives and maintains a consent management mechanism via OneTrust. Material compliance considerations include the adequacy of cross-border data transfer mechanisms (SCCs), the sufficiency of cookie consent for non-essential tracking, and whether Databricks' legitimate interest assertions satisfy the GDPR balancing test.

Evidence Provenance

Captured April 29, 2026 08:13 UTC

Document ID CA-D-000458

Version ID CA-V-001035

Source URL https://www.databricks.com/legal/privacynotice

Wayback Machine View archived versions →

SHA-256 49ae30270990540bb98015a94054f9f41dc5629ee4f61284e731d5ed2f38f78c

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

April 29, 2026 — Initial capture

Initial snapshot — monitoring begins

49ae3027…

View full version history (0 captures) →

High Severity — 1 provision

Sharing Personal Data with Advertising and Analytics Partners

Databricks passes your personal data to advertising networks and analytics companies, which may use it to show you targeted ads. Under California law, this counts as 'selling' your data and you have the right to say no.

Added April 30, 2026

Medium Severity — 7 provisions

Controller vs. Processor Distinction for Platform Data

If your employer or another company uses Databricks to process your data, Databricks is not responsible under this privacy policy — the company that hired Databricks is. You need to contact that company, not Databricks, about your data rights.

Added April 30, 2026
Data Subject Rights (Access, Deletion, Correction, Portability)

Depending on where you live, you can ask Databricks to show you, correct, delete, or give you a copy of the personal data they hold about you, and they cannot punish you for making these requests.

Added April 30, 2026
Cookies and Tracking Technologies

Databricks and its partners place trackers on your browser to follow your activity across the site. You can limit this by adjusting your browser or using the Databricks cookie preference tool.

Added April 30, 2026
Legitimate Interests as Legal Basis (GDPR)

In the EU, Databricks uses 'legitimate interests' as a legal justification to process your data for purposes like marketing and fraud prevention without needing your explicit consent.

Added April 30, 2026
Data Retention Policy

Databricks keeps your personal data for as long as they think they need it for their purposes or legal obligations, without specifying exact timeframes for different types of data.

Added April 30, 2026
Cross-Border Data Transfers

Your data may be transferred to and processed in the US or other countries with weaker privacy laws than your home country. Databricks uses standard contractual clauses to try to protect EU/UK data during these transfers.

Added April 30, 2026
Business Transaction Data Sharing

If Databricks is sold or merges with another company, your personal data could be transferred to the new owner, who may use it under different terms.

Added April 30, 2026

Low Severity — 1 provision

Children's Data — No Knowing Collection

Databricks does not intentionally collect data from anyone under 16 years old and will delete such data if discovered.

Added April 30, 2026

Cross-platform context

See how other platforms handle Sharing Personal Data with Advertising and Analytics Partners and similar clauses.

Compare across platforms →