Quick update from us on this matter:
We appreciate all of your patience with this and the feedback we got from all of you. First, we want to let you know that from the moment we learned about the ruling, we’ve been hard at work here with our legal team, and our internal engineering and infrastructure teams, to create a path forward that supports your compliance needs in this new environment. Here’s what we’ve done so far and what we’re planning on doing in the future.
- We’ve updated our Data Processing Agreement (DPA) to include Standard Contractual Clauses (SCCs) to cover Webflow’s processing of data on your behalf.
- You can now find and enter into the updated DPA here ➞.
- We anticipate the publication of guidance from regulators in the UK, EU and European Economic Area regarding additional protections that could accompany SCCs to further protect the data, so we may make available a newer version soon. In the meantime, we encourage you to enter into this updated DPA.
- We’ve updated our Global Privacy Policy and our EU & Swiss Privacy Policy to take into account the invalidation of the Privacy Shield as a mechanism for exporting data out of the EU.
- We continue to comply with our obligations to individuals under the Swiss-U.S. Privacy Shield Framework (which still is a sufficient mechanism for transfers from Switzerland, according to the Swiss Data Protection and Information Commissioner).
- We are considering additional technical and organizational safeguards we can offer, beyond contractual language, including an EU-hosted version of our service. We do not have an announcement to make on that front at this time. We are also in touch with our sub-processors as part of this process.