Again, GDPR is not about website resources but users data.
Where did you read that?
Sorry, maybe you don’t know about the Privacy Shield Invalidation, July 16th 2020…
This is coming from my country’s privacy institution, I’m well aware.
That’s for transferring user data. That has nothing to do with website data. If you want to manage users data in a compliant way, you can. You can also not gather user data.
It is possible that you have a misunderstanding of what GDPR is about. Not website data, user data. 2 different things.
Thanks for the response.
I’m happy to see you have better experiences with webflow than we had. So maybe it’s just incidental. Still hope Webflow changes for the better.
We have had a lot of bugs with the undo/redo function and webflow just crashing. We thought it maybe was a local problem but we tried it on different computers and multiple Webflow accounts we sadly still have the same bugs.
Also, the backups could be a local / just our account issues but when we noticed the issues with the backups we tried multiple computers and accounts, and completely new accounts and all were experiencing the same issues. When we replaced the backups all conditional visibility was wiped.
and for support the first few years were great Until we had a lot of the same bad experiences with support just not looking at the info you provide or support members who just didn’t scroll down the page far enough. Some of our support question was resolved after 2-3 weeks and 10 mails later. So our experience with support wasn’t great.
We hope this is only due to the massive growth they experienced in 2020 but our problems have been around the last 3 years, so it can’t be all about Webflows Growth.
We still hope for Webflow to become a better tool and less buggy, but no we wouldn’t like to pay more at the moment because of all the bugs we encountered the last years.
Oh I don’t want to pay more for EU hosting either
I’m genuinely sorry if you’ve experienced so many bugs. I’m on Webflow most of the time everyday and my concerns are more about efficiency on CMS intensive websites. I havent had a crash for along time.
Maybe that has to do with how we use the product, what we build inside of it, I don’t know…
Thanks for the positive answer. Ping me if there are things you wonder you can improve the stability of, I don’t know if I can help, but I can certainly listen.
Have a good week Kees.
As a German Webflow user I faced the same question as many of you: Is the use of Webflow currently legal in terms of GDPR and the no more existent Privacy Shield?
Last week I went to a lawyer who is a specialist for those kind of questions.
His answer: No. Since the privacy shield was invalidated, he definitely wouldn’t recommend Webflow. It simply doesn’t comply with all the European data protection laws. He even gave me the advice to shut down the site as soon as possible.
Thanks for this update.
The Privacy Specialist I consulted here in Italy said the same.
Professionals’ opinions are always better than our guessing.
The most critical point: Webflow can not guarantee that US authorities do not have access to personala data (for example the ip address). That is the major thorn in the side of the European data protection laws.
It is a very complicated situation and there are a lot of US companies that have the same problem with customers in the EU. Let’s hope that the European Court of Justice comes up with a new law soon that fixes those issues.
Exactly, IP address is a good example. I’d say forms too: people’s names, email, and other data you receive from a form are stored on Webflow’s servers (AWS - US).
The Consultant I spoke with doesn’t know Webflow but these new rules apply to all the hosting providers based in the US and, yes, there is a chance to be fined, especially if the website manage sensitive personal data (maybe a name and an email won’t be so dangerous, still illegal to transfer and store them in the US).
SCC (Standard Contractual Clauses) are still valid, but they’re very complicated and detailed, and you should clearly explain all the risks of the data transfer to the users before asking for consent. So maybe this is ok for big companies but hard to do for small clients.
I hope the Court of Justice will give us some alternatives or more clear explanation soon too!
Hi @vincent after reading all Q&A here on forum according to Webflow usability to EU members Im really confused as I do not know If I’m allowed to use Webflow and offer my services with this platform.
I have moved back to VSCode and using Webflow just as an ideas builder BUT I would like to go back and continue to use Webflow for clients as it speed thing up .
Im aware that content doesn’t mother and I can use Webflow freely on US servers. But If I understand what was said/written I simply CAN’T offer/recommend to client use of eg. a simple contact us form without using third party services to process data on EU servers. Is this right?
If there is a way (as you have mentioned) how to use Webflow without breaking law in EU the question is why WF did NOT wrote any article about that to make it clear how to continue to use WF without fear to be hunted by EU privacy Police. I understand that there will be more services/ways than just one to make it work but I really looking for “simple” answer HOW.
According to your note I presume that you as EU member know right solution to this question. Can you please explain or give us best practices you use (if it is not secret) in form of some article (if possible) how to use Webflow for EU clients on US severs without breaking the law?
Thanks in advance
Happy New Year
I am also confused, if it is currently 100% “legal” now or not. Some official information would be great.
Just started reading up on this - privacy shield thing… So, my first client, site is done, scheduled to be published in February. I have to tell them, sorry, no can do?
It’s so sad that webflow just isn’t responding anymore. This topic is so essential for europeans and especially germans. We need a clear statement regarding the hosting situation and the cookie management. Maybe just give us updates? Even in the wishlist all topics regarding GDPR aren’t in “future”, “planning” let alone in development. It is so crazy to me, that we can’t even use a build in cookie management tool…
Sorry to ask again, but as my question was left without attention I would like to ask again if ANYONE who know answer HOW TO use Webflow for EU clients can give a clear answer what has to be done. I’m very seriously interested as I’m paying
pro account that like it seems I can’t as EU member developer use at all except for some portfolio websites (without contact / subscription form) but I still hope that I can go back to Webflow again.
As I have mentioned before I have had read all articles/responses and conclusion goes really messy. On one side there are opinions that there is no problem and it can be done (use WF for EU clients) and second is that the lawyers said there is no legal way at this moment.
I’m developer not a lawyer to read and understand hundreds of pages and I do not want to put me or my clients to situation as get huge fine or lost of good reputation name. So if someone can in plain english explain what and how have to be done it will be very helpful.
Thanks in Advance
I am not a lawyer.
That being said, this seems like a legal issue, and one not specific to Webflow at that.
With the nature of the internet being what it is(international), we are simply caught in the crossfire between the wild wild west and an attempt at more legislation coming at an uneven pace from different directions. Data is the new taxes.
It is not illegal to use Webflow in Europe, what is illegal is to transmit people’s data out of the EU without first properly informing them that you will be doing so and why, and then obtaining and storing this informed consent.
There seems to be ways to do this. Shouldn’t we be focusing on that?
The implication being that you can make consent a requirement for people using your site, which is the route most everyone is taking. This is just like the cookie pop-up but more thorough. Everyone was up in arms about that too, at the time.
Higher privacy standards are a good thing, not a bad thing, it’s actually one of the positive directions EU is taking, in my opinion. It’s not some pesky thing in the way of web designers using a service that’s convenient to them, it’s actually there to set some standards on behalf of the ‘convenience’ of the users.
As far as I can tell, you need to:
- Outline the necessity and nature of your data transfer on your t&cs.
- Obtain consent while pointing to your t&cs (could this be done via simple checkbox in the form?)
- Store details about the obtained consent, including : Date, who consents, their expressed preferences, what legal notice you pointed them to, what form they were presented with to obtain this consent)
Basically pull the data from the form and store it in a database.
Since everyone is so concerned, perhaps we could try and put something together, and then share it for everyone to use?
Or, there is Iubenda’s ready to go solution, which will set you back 456 dollars/year and you’re done. OR: 39/month on their pro plan, which can be used with unlimited websites, so maybe a few of us could actually get together and split that? Or one clever person can buy it and set their own price, as Iubenda products can be resold.
Just some thoughts, do let me know if you think it’s nonsense .
Ps. I don’t work for iubenda, and I most certainly can’t afford 456 dollars just for that, so I’m hoping for some of that lovely co-operation and team spirit this forum is usually full of!
hi @milkshaken based on your post recommending iubenda services I have now watched a few webinars on YT about this service. If I understand right it is a law content generator on steroids with automatic updates. Nothing against as it is cool service and can be used on any page.
The question is, if DATA from EU client are stored on US servers is use of this service enough to fulfil and accomplish legal law and not to be accused from crime of breaking EU data protection law?
In other words, are cookies notifications (and website visitor agreement) good enough to use Webflow without fear?
I still have doubts, but if this is the way I would like to hear from other developers who are using this service to confirm that this is the way and it is safe.
I am sure that if you contact them, they will be able to detail to you exactly what kind of guarantees they offer to that effect, but I imagine their legal advice/ cover is as good as any GPDR compliant website has atm. They are selling ‘legal law’ after all.
Again, this is a rather facile representation of the issue, and is focusing on how to cover the website owner’s ass as opposed to how to ensure you are protecting user data to the full extent of the law.
The transfer of user data is not in itself illegal, it’s just that it is only legal under certain specific conditions which are, like any legislation, a complex issue to decipher.
A compliant solution is two-fold, and will include the need for getting valid legal advice any way you slice it:
- First you must have GPDR compliant, up-to-date Terms and Conditions, including specific clauses to data transfer.
- Then you must point people to that, obtain consent and record the consent and store the data relevant to their consent and provide a way for them to withdraw consent that is as easy as when they gave it and record subsequent withdrawals of consent.
All iubenda does is streamline the the legal bit with an api you can plug in to your site, the convenience is what you pay for I suppose -and the keeping everything up to date, don’t forget about that part!
But there’s no reason you can’t do the whole thing yourself from scratch. You’re still probably gonna need a lawyer to write the document you point people to.
All of this is not strictly Webflow’s problem, the way it’s not their problem to make sure I file my taxes on time. I guess people have some insane expectations from Webflow because it’s so damn good, and it sure would be sweet if they went ahead and hosted in Europe or even partnered with iubenda to offer their services as an opt-in for European users at a lower rate (now that’s an idea).
But like, which comparable service are you using instead that doesn’t raise any such issues for you @Stan ?
I really would like to see some Webflow reaction on these questions and at least write some article or do some of their awesome videos to ensure EU developers how to use Webflow and accomplish EU law. But instead there is only silence. I understand that this situation is not directly related to Webflow only but it looks like they actually don’t care about Europe as it is not their major market and even that is a true it is a sad experience. Hopefully they will be in feature more responsive to questions of Europe users.
Hmm, I do not expect from WF to solve this problem instantly. I’m just curious about WF communication and help to clarify to their costumers most questionable problems that most developers struggling to solve. I hope that I’m not only one who is looking froward to WF give us a clear answer.
That come to my mind after watching these webinars too
Anyway, thanks for your input
If anyone who is using iubenda can add some experience with this or other platform, or best practices how they use webflow with costumers data for EU clients as eg. e-commerce, learning platforms etc. it will be nice.
I think this might be helpful for anyone looking for an integration for legal issues required by specific countries Integrations | Legal compliance solutions | Webflow University