Jump to Content
Security & Identity

reCAPTCHA Enterprise and the importance of GDPR compliance

October 12, 2023
Badr Salmi

Product Manager Lead, Web Risk, User Protection Services

David Lenehan

Customer Engineer User Protection Services (EMEA)

Hear monthly from our Cloud CISO in your inbox

Get the latest on security from Cloud CISO Phil Venables.


The General Data Protection Regulation (GDPR) sets out specific requirements for businesses and organisations who are established in Europe or who serve users in Europe. It regulates how businesses can collect, use, and store personal data.

At Google Cloud, we prioritise the security and privacy of your data, and we want you, as a reCAPTCHA Enterprise customer, to feel confident using our services in light of GDPR requirements. As a reCAPTCHA Enterprise customer, we support your GDPR compliance efforts by:

  • Committing in our contracts to process your customer personal data in reCAPTCHA Enterprise only as you instruct us, and to comply with our obligations under GDPR in relation to that processing;
  • Giving you the documentation and resources to assist you in your privacy assessment of our services; and continuing to evolve our capabilities as the regulatory landscape changes.

reCAPTCHA Enterprise has been compliant with GDPR since reCAPTCHA Enterprise became available in 2019. When you use reCAPTCHA Enterprise, you can have confidence in the following:

Data processing

Any customer data put into our systems will only be processed in accordance with the customer’s instructions, as described in our GDPR-updated Google Cloud Data Processing Addendum and the reCAPTCHA Enterprise Service Specific Terms. Hardware and software information collected through reCAPTCHA Enterprise (such as device and application data) is only processed as necessary to provide, maintain, and improve the service, and for general security purposes. That information will not be used for any other purpose, and it is not used for personalised advertising by Google.

Our commitments to our customers

The Google Cloud Data Processing Addendum clearly articulates our privacy commitment to customers. We have evolved these terms over the years based on feedback from our customers and regulators. We specifically updated these terms to reflect GDPR requirements for agreements between companies that process personal data on their customers’ behalf, and to facilitate our customers' compliance assessment and GDPR readiness when using Google Cloud services. Our customers can enter into these updated data processing terms via the opt-in process described for the Google Cloud Data Processing Addendum.

Learn more about Google Cloud and GDPR. If you have questions about getting started with reCAPTCHA Enterprise, please contact us.

Posted in