I believe that most people here are designers, now lawyers, however all the European privacy rules have turned our world upside down.
I barely got the hang of GDPR and how to make my websites compliant and now, surprise, we have this Privacy Shield thing to worry about.
I tried, really hard to understand what is going on but each time I am trying to understand the issue, I get sucked into a whirlwind of contradictory information and no clarity in sight.
This is a question to my fellow EU webflow freelancers/agencies:
Is webflow OVER for us? Has it become uncompliant for us to make websites if they are hosted on US servers and not in Europe?
How did you adapt to the situation? What must we do?
Please, someone help me understand what do we need to do in order to make our European-made webflow sites compliant.
Thank you very much!
I totally understand how you feel, I am in the same boat. This legislation has confused me completely and I cannot get a straight answer. I am surprised that there isn’t something said about this on Youtube.
I cannot offer any advice as I too am seeking answers. I believe that Webflow is looking into making some EU servers, but this is going off one small comment in the forum, they have otherwise been radio silent on how they intend to deal with this situation. I presume they are being cagey so they cannot be the target of any legal action by users but I for one feel like the EU users are being left out to dry, and feel pretty un-valued right now.
As for what we can do, I am making my thoughts known, while trying to find some answers. I was just about to start a business using Webflow, this change in legislation combined with their handling of it has greatly shaken my trust in their organisation.
I am choosing to believe they will sort it out, most likely by creating said European servers, so for now I am stalling my business plans and working on portfolio. But as I just reduced my hours at work so I had time to work on this business, their procrastination is costing me £5000 per year, not much for a business but a lot for me, so I really wish they would get a move on.
I am also looking at their competitors as well as looking into Wordpress too, though I am going to wait a while to see what they do, if I see no progress I am going to leave Webflow behind.
I love Webflow and I think it is the future of front end development, but it feels to me like they are buckling under their own success. They preach transparency but have so far been very poor at responding to this situation and keeping users in the loop. I cannot tell clients when I will have an answer, so after taking time to sell Webflow to them I know have to backtrack and look like a fool and have lost their trust. This has cost me money and time.
Admittedly, it is not Webflows’ fault this happened, I get that it is a really tricky situation and I applaud everything they have done thus far. But they are not handling this well at all.
Thank you for answering! I guess we will just have to wait and see.
The only thing that I don’t understand is why is it so complicated to restrict the hosting of EU websites on European servers. From what I undestand, they are using Amazon Web Services & Fastly that ALREADY have servers all over Europe. I am just venting now sorry.
Anyway, I wish you good fortune and may all our problems get quickly resolved!
It’s a complicated matter, as often for legal things…
First of all : it’s not OVER for us europeans to use Webflow, but some aspects are legally more complicated since the Privacy Shield was deemed invalid.
From my understanding, the main issue is about personal and sensitive data. So I’d say that if your site handles personal data (like Facebook for examples) then you’ll need to ensure that this data is handled within EU following EU regulations.
For a Webflow site I imagine, this will mostly affect you for contact forms, and the usage of Cookies
Otherwise , the problem is more with 3rd parties like Memberstack who’s core business is to handle this sensitive data.
So what I’d say should be done:
- You need to check what data your site has access to and how it handles it
- If you’re suspicious about something, try to change it (better be safe than sorry)
- Webflow is a US company but has servers in EU thanks to AWS. So they need to ensure the data processed within EU is treated according to EU regulations. This needs to be done via a specific contract between them, AWS and whatever other provider they use.
- Webflow should really give transparency on this, I agree with you here.
- Hope that the new Privacy Shield the govs are working on will address this and that we can go back to work without having to worry about this
I have actually messaged a few creators regarding this and it seems that most of them do not understand the legislation and don’t really care either. They are working under the assumption that the odds of having an issue are slim and that clients who handle a lot of user data are likely to have their own legal teams that you can trust this stuff to, so they just aren’t worrying about it.
Not to judge those creators as this is working out for them just fine it seems, but for me this feels irresponsible. I am happy to leave the actual website legalities to the clients but as far as the tools and plugins I am using and recommending, I need to be able to understand their legal status at least in brief.
Some transparency would be great. I have searched Webflows support and all I can find is an article about preparing for GDPR and in that a sentence stating they are seeking GDPR certification, nothing stating their current status.
Same for me. I stopped using Webflow and painfully went back to Wordpress.
I know this laws are kind of crazy but I agree that silence is not the most professional response from Webflow.
The problem is huge and involves Google Analytics, Memberstack, Zapier and all those extensions/integration that are USA based.
A friend of mine is a Privacy Consultant and just attended a course about this new situation. He sent me some material to study, the point is, there is no shortcut or way around it.
If Webflow and the other services will give us an EU based option we can use them, otherwise we can’t. That’s it.
@Pasint I agree with your reply here. If you use the contact form just like you would use an email and use only general cookies, there’s no reason to worry about.
Here’s a link with some explanations and resources on this matter: https://matomo.org/blog/2020/07/storing-data-on-us-cloud-servers-dont-comply-with-gdpr/
So according to that article site should just make sure to include something like “your data will be sent to the US servers” in addition to the usual cookie opt-in popup and that’ll be enough.
So just to add a bit more. Here s what European Data Protection Board says on a subject of transferring of user data to non-EU servers:
Article 49 (1) (a) states that a transfer of personal data to a third country or an international organization may be made in the absence of an adequacy decision pursuant to Article 45(3), or of appropriate safeguards pursuant to Article 46, including binding corporate rules, on the condition that ‘the data subject has explicitly consented to the proposed transfer,after having been informed of the possible risks of such transfers for the data subject due to the absence of anadequacy decision and appropriate safeguards’.
Note that this is an old document from 2018, but it is still valid for the current changed policy as far as I can tell (the change here is at the time of that old doc US had the proper “adequacy” with their privacy shield, now it doesn’t)
edit: also to add
In the absence of an adequacy decision, the GDPR allows a transfer if the controller or processor has provided “appropriate safeguards,” which may include:
- Approved Codes of Conduct or Approved Certification Mechanisms
- Binding Corporate Rules
- Standard Contractual Clauses
Webflow uses standard contractual clauses part to allow the transfer of data (this is where the DPA that was posted a few times by WF team comes into play).
You may also check this post for most recent information: Privacy Shield update
That is from August 10 - it’s October now, are there any updates on this item?
- We are considering additional technical and organizational safeguards we can offer, beyond contractual language, including an EU-hosted version of our service. We do not have an announcement to make on that front at this time. We are also in touch with our sub-processors as part of this process.
This would solve the whole thing if it could be served for EU customers on AWS Europe. Are you still exploring that as an option? how might it work, when might it be live etc etc ?
Also very interested. There are clients on-route for me that will/need to use/process some sensitive data, and i’d like to know if we can go Webflow.
+1 with @Shaneod , this is really the way to go.
This statement is 2 month old now. Any updates? what about the way @Shaneod mentioned?
…hope this helps.
Come on @WebflowCommunityTeam - give us a clue as to what’s happening!
Hi, does this actually mean if i don’t use contact forms and google analytics or other trackers, it’s fine to use webflow hosting? cheers
Hi again, so I am convinced a client (in Europe) of mine to switch to webflow incl. hosting since we like to use the CMS features. I am quite confused now what the situation is regarding all this US/EU Data privacy subject. It would be great if @WebflowCommunityTeam could provide something like a checklist (if possible) under what circumstances it’s safe to move forward with webflow for European creators/clients.
Maybe there is one already and I missed it in which case I am sorry, but I am looking for something like…
- No form data upload
- Correct Disclaimer / Opt-out incl Webflow
- … and so on
This would really help, since we don’t want to get into legal trouble. Would that be possible? thanks in advance, alx
It’s fine to use Webflow without contact forms yea - or ECommerce. Trackers are completely separate and you will just need standard cookie consent form if you are tracking people.
@WebflowCommunityTeam any updates on this - I don’t need to know anything concrete but just a general plan? If you don’t plan on having an EU hosted version of Webflow at some point it would be better for me to know. sooner rather than later.