Databricks · Databricks Privacy Notice

Legitimate Interests as Legal Basis (GDPR)

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

In the EU, Databricks uses 'legitimate interests' as a legal justification to process your data for purposes like marketing and fraud prevention without needing your explicit consent.

Consumer impact (what this means for users)

Databricks processes EU residents' personal data for marketing and other purposes under 'legitimate interests' without requiring consent — EU/UK residents can object to this processing at any time by contacting privacy@databricks.com, and Databricks must stop unless it can demonstrate compelling grounds.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Email privacy@databricks.com stating that you object to the processing of your personal data on the basis of legitimate interests, including for direct marketing purposes. Databricks must cease marketing processing immediately upon receiving your objection.

Cross-platform context

See how other platforms handle Legitimate Interests as Legal Basis (GDPR) and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Legitimate interests is a flexible legal basis that Databricks can invoke broadly — EU users have the right to object to processing on this basis, which could stop direct marketing or certain data uses.

View original clause language
Where required by applicable law, we rely on the following legal bases to process your personal information: ... Legitimate interests: We may process your personal information where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those of those interests, for example, to prevent fraud, ensure network security, improve our services, or for direct marketing purposes where permitted.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: Legitimate interests processing is governed by GDPR Art. 6(1)(f) and requires a three-part balancing test: (1) purpose test — is there a legitimate interest; (2) necessity test — is processing necessary; (3) balancing test — do data subject interests override. GDPR Art. 21 grants data subjects an absolute right to object to direct marketing processing on legitimate interests grounds. Recital 47 specifically addresses direct marketing as a potential legitimate interest. Enforced by EU DPAs and UK ICO under UK GDPR Art. 6(1)(f).

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    FTC has authority over deceptive claims about legal bases for data processing under FTC Act Section 5, particularly where legitimate interests is used to justify marketing without meaningful consumer notice
    File a complaint →

Provision details

Document information
Document
Databricks Privacy Notice
Entity
Databricks
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004411
Document ID
CA-D-00458
Evidence Provenance
Source URL
https://www.databricks.com/legal/privacynotice
Wayback Machine
View archived versions →
SHA-256
c2601098042d922e6c540b44624976b336394366f0003fd04e5ca853cfbadda2
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Databricks | Document: Databricks Privacy Notice | Record: CA-P-004411
Captured: 2026-04-30 10:03:00 UTC | SHA-256: c2601098042d922e…
URL: https://conductatlas.com/platform/databricks/databricks-privacy-notice/legitimate-interests-as-legal-basis-gdpr/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document