This is how more and more non-European sites appear to us who surf the internet from Europe.
Large companies that do not want or cannot host their sites on European servers or that do not want to give up tracking tools such as Google Analytics have no other option than to block access to European visitors to avoid incurring fines.
It’s getting very hard to promote Webflow to our European clients.
Is there any news from Webflow for a possible hosting option on exclusively European servers? (They said they were trying to offer this in this article about the invalidation of the Privacy Shield)
UPDATE 17th January, 2021
I wrote an email to the Webflow Privacy department and they replied. I’m very satisfied with their explanation. Even if they cannot give legal advice, at least they explained in a clear manner and in one place all the details of the current situation.
I’ll include a screenshot (to let you see it’s a real email) and the transcription if you want to comment or copy the link he provided.
My name is David, thanks for contacting the Webflow Customer Support Team.
Thanks for reaching out with the GDPR questions with data transfers for EU to US, I am here to help with some information for your research into data processing and storage.
Webflow uses hosting servers around the world for the CDN to enable sites to load quickly and closer to the users. Webflow uses Fastly and AWS Cloudfront.
There is not currently any option to have content only on specific servers or location. If your site needs to host only on specific location then an option is to create on Webflow and then export the website files so you can upload to a specific hosting server.
Our servers/sites are located/stored globally and all Webflow-hosted sites are Privacy Shield compliant - Privacy Shield
Ever since European Commission invalidated Privacy Shield as a mechanism to transfer data between EU and US, we’ve amended our standard DPA and and have been using Standard Contractual Clauses (SCCs) as the basis for the transfer mechanism. The latest version of our DPA has SCCs, and makes no reference to the Privacy Shield, even though we continue to be Privacy Shield compliant and are awaiting further guidance on the process, or updated SCCs as a result of that decision, which should come out in the next few months.
We are working very closely with outside privacy law experts on staying fully compliant with all GDPR regulations. We appreciate your attention to this.
Here is some more information:
- Webflow has a Data Processing Agreement available for individuals and businesses that rely on Webflow to process personal information, such as form submissions - https://webflow.com/legal/sign-dpa.
- We continue to comply with our obligations to individuals under the Swiss-U.S. Privacy Shield Framework (which still is a sufficient mechanism for transfers from Switzerland, according to the Swiss Data Protection and Information Commissioner 4).
You can find some other cookie consent/legal consent solutions on our integrations page at the link below.
Privacy laws are complex and differ widely from client to client. Webflow cannot provide any legal advice. Our recommendation is to contact a legal professional who can help advise the requirements to help decide on the toolset used.
There have been some recent changes to EU privacy and the privacy shield, please continue to see the information from Webflow for any updates at Webflow, your EU customers need a statement (Privacy Shield) - #28 by WebflowCommunityTeam.