+1 for a reply please, Webflow team
We are aware of the July 16, 2020 decision from the Court of Justice of the European Union, which invalidated the EU-U.S. Privacy Shield. In the coming days, Webflow will update our Data Processing Agreement (DPA) to provide all customers with an easy method to electronically sign Standard Contractual Clauses (documents approved by the European Commission for use in cross-border data transfer situations) with Webflow. As legally required, Webflow will continue to comply with its obligations to our customers and their users with respect to data received under Privacy Shield.
We are also working actively with our legal team to create a new DPA and will update the community once it’s live (we appreciate your patience as this update has many moving pieces and we are working as fast as we can to address this issue to the full extent). If you have any questions, please ask in this thread. Thank you!
Yes, as another EU provider using Webflow, we need an EU-only hosting option, thanks, Kieran.
I agree that an EU-hosting would be the best solution for your European customers. I only have 1 website BUT ironically it’s for an International Congress about Data Protection and Privacy CPDP. If no solution is offered we will have to move the site to another platform.
I also support the idea of Webflow hosting on EU territory. As a small, worldwide operating Swiss company, we decided to create the next version of our web presence with Webflow. We consider data protection and the right to privacy as a self-evident fact. Although we are a Swiss company and not directly subject to EU legislation (but EEA, https://webflow.com/legal/eu-privacy-policy), it always applies the law of the jungle, which is still the right of the strongest. In the affirmative, as well as the negative sense.
For this reason, we do not want to expose our clients and friends to legal uncertainty. The Privacy Shield USA-Switzerland is still valid, but it is, in part, nothing more than a minimal emergency backup. It always seems unclear what the legal viability of such agreements in a triangular relationship (EU visitors, non-EU company, US hosting, e.g.) is in the end. We have no desire and no resources to deal with the legal cease and desist industry (the German concept of “Abmahnung” stands for something between “official, written warning” and “cease-and-desist-order”; was probably intended as a simplified dispute resolution, but seems to have gotten entirely out of hand and quickly costs considerable amounts of money for legal support even in extreme and unjustified cases).
Thank you if you dedicate yourself to the legal damage limitation quickly and come up with a solution. And please do not forget the EU-Hosting. With some necessary extensions of the e-commerce functionality, we could then also offer a webshop via Webflow
Here is a clear call to action: transferring data from the EU to US servers is officially declared illegal. No grace period. Now its your turn: EU based servers? Fine. US based servers for EU customers? No way than leaving webflow.
Some news on this would be great.
I can only speak for myself but I sold Webflow to clients and they are now waiting for me to deliver and I am having to stall while I wait for some info on this. Do I stay with Webflow or start learning a new platform?
I’m personally having to look at alternative hosting solutions for my customers due to a lack of action on Webflow’s part here (this obviously presents issues where use of the Webflow CMS is concerned!).
A new DPA simply won’t cut it. Clear, decisive guidance needs to be issued by Webflow - it’s been nearly two weeks, so I would have expected an official response (i.e. something more substantial than a forum post) from Webflow by now.
EU customers make up a huge portion of the userbase, as evidenced by this forum topic alone. Don’t leave us out in the cold here.
We really need to get an update on this topic asap.
What will be Webflow’s solution for your EU customers?
As described in many legal news and podcasts (i.e. here https://open.spotify.com/episode/3m69Tea4oe8hfulzm2C2le?si=4c2Hi1mcTCafvgQs5zlYag ) you need to provide „SCC plus“, means SCCs with further technical und legal measures. Hope you‘ll provide it soon, so that the current risks will be mitigated.
I agree that an hosting option for Europe will make institutional prospects happier. What happens with SCCs ? Do we have to communicate and ask signature to all our clients ? If so, it may open a highway of complaints.
Also, why is jquery not updated ? Is Webflow ditching Jquery towards something more RGPD compliant ?
Lot of questions unanswered.
its been 2 weeks since your last comment.
are there any news?
We just launched our new company website with Webflow and every team member is extremely happy with collaborating within the tool.
Since the invalidation of the privacy shield we’re looking into hosting ourselves and just using Webflow for designing the site. This means again we’ll need our own deployment chain etc. And it will eventually be quite hard to justify spending money on Webflow.
I would really, really, really like to use Webflow ‘out of the box’ because it solves so many headaches and lets people collaborate seamlessly between different disciplines.
Having no real statement makes it really uncomfortable right now. Please let us now what is your road map.
@WebflowCommunityTeam it has been 19 days since you provided us with something “in the coming days”. We all know that the issue is complex, but we need resources in the short term that will allow us legally to host customer websites with Webflow. And preferably yesterday.
And, of course, we also need information about how, after the short-term solution with a view to the future, it is planned to change the Webflow hosting if necessary.
If you are already working on a “big” solution, please let us know. For some of us, who build their business completely on Webflow, this is existentially important.
Even some acknowledgement wouldn’t hurt. The radio silence is concerning.
I am also surprised at the lack of attention this has been given on youtube too. I guess there aren’t any big scale European creators at the moment.
Can we please get any response from @WebflowCommunityTeam ? We have to inform our european customers how we can move forward. Its been 3 weeks now.
PLEASE - we need an update.
Not sure this is what you are looking for, but you can refer to this: https://webflow.com/legal/sign-dpa
Hope this helps.
Have a Great Day and Happy Designing,
And since we are not lawyers, do you think that the use of your hosting as an EU customer is now legal again after the decision of the European Court of Justice and the amendment of your EU Privacy Directive?
And to ask it again, can you please tell us if you are planning to make any changes to the choice of hosting servers?
In the long run, it pays off for all your customers to choose the servers on which the website is hosted by state or region.
All your customers who have commented here and watched this thread are here because they love to work with webflow and the topic touches them directly. Please give us a little transparency with information about your plans.
Hoping for information, I remain with love from Germany,
Dennis from Vibrand Design
Quick update from us on this matter:
We appreciate all of your patience with this and the feedback we got from all of you. First, we want to let you know that from the moment we learned about the ruling, we’ve been hard at work here with our legal team, and our internal engineering and infrastructure teams, to create a path forward that supports your compliance needs in this new environment. Here’s what we’ve done so far and what we’re planning on doing in the future.
- We’ve updated our Data Processing Agreement (DPA) to include Standard Contractual Clauses (SCCs) to cover Webflow’s processing of data on your behalf.
- You can now find and enter into the updated DPA here ➞.
- We anticipate the publication of guidance from regulators in the UK, EU and European Economic Area regarding additional protections that could accompany SCCs to further protect the data, so we may make available a newer version soon. In the meantime, we encourage you to enter into this updated DPA.
- We continue to comply with our obligations to individuals under the Swiss-U.S. Privacy Shield Framework (which still is a sufficient mechanism for transfers from Switzerland, according to the Swiss Data Protection and Information Commissioner).
- We are considering additional technical and organizational safeguards we can offer, beyond contractual language, including an EU-hosted version of our service. We do not have an announcement to make on that front at this time. We are also in touch with our sub-processors as part of this process.