According to Google Cloud all customer data is encrypted automatically. Then why isn't my data encrypted when I export it to a google storage and download it from there? Do I need to enable some service anyway for the encryption to work?
I really appreciate your help, thanks!
Your data is always encrypted by default on server-side. What it means is that, once Google receives the data, it encrypts it. It is recommended that you always sent your data over HTTPS or TLS. Data is automatically and transparently decrypted when read by an authorised user.
You can use the other two options for server side encryption, and you can also encrypt the data on your side, before sending it. I think this option suits your concern, but you'll have to manage your own encryption from your side, and ensure you never less your keys. Nevertheless, GCP will encrypt your data again once received.