Streaming live at 10am (PST)

Facts vs Fear Mongering: Webflow and European users?

@WebflowCommunityTeam Please give us an update. Thanks.

There’s been an update on this. The CNIL and other privacy law enforcement agencies across Europe recommend encrypting the personal data. As long as any Webflow employee or data processors can’t see or collect plain non-encrypted data. Webflow should be GRPD compliant.

@WebflowCommunityTeam Is form data encrypted on your end ?

I Don’t think that’s enough @ColibriMedia? A DPO (Data Protection officer) that I am working with on a project, is insisting on hosting in the EU which rules out Webflow for this job as things stand unfortunatly.

My business partner will not use Webflow currently because she doesn’t know if the system is future-proofed for EU users in this way.

The radio silence about Webflow’s plans is really worrying at this stage. I don’t need anything concrete now - but a hint as to whether the european data center option is a possibility or not would be reassuring.

3 Likes

@Shaneod For the current context, it seems to be enough. All the big web companies are using SCCs. As for “Future-proofing”. I do not think that EU will enforce this further but that’s just my 2 cents.

What about using a different form processor and still use Webflow ?

@WebflowCommunityTeam Just lost a client due to the vague state and no answers.
EU Hosting would be the deal.

@ColibriMedia Do oyu have a tip for a “european” form processor ?

@zickert Unfortunately, form processors are either vague about it or processing data outside EU.

This is stupid though. I would not feel safer using Wordpress + Contact Form 7.
A data leak is also subject to receive a huge fine from regulators. Though from what everyone is saying self-hosted personal data would be the only way to be fully compliant.

I checked privacy policies from the biggest web companies they are all pretty much using the same derogations as Webflow.
So goodbye Google, Hubspot, Webflow, Squarespace, Wix … If we listen to fears.

In the end 98% of clients will receive their form data through Gmail or Microsoft services.

Was talking to Webflow support and as @ColibriMedia says SCCs seems to be the legal route most of the big companies are using now pending further clarification from the EU as to what they are supposed to do.