Short summary:
- EU-U.S. Data Privacy Framework is a reality: The European Commission has approved and published the new data protection agreement with the U.S., which has data protection implications for companies and website operators.
- Webflow users will benefit: Webflow and many other U.S. companies will be listed on the new Data Privacy Framework website, which means Webflow hosting and features can be used without restrictions.
- Privacy commitments remain in place: Webflow users must still comply with privacy policies, including signing the Data Privacy Addendum, naming Webflow in the privacy statement, and continuing to follow privacy measures for personal data.
A few weeks ago, the European Commission made a significant announcement that will impact the privacy landscape for businesses and website operators worldwide. On July 10, 2023, the new data protection agreement, the EU-U.S. Data Privacy Framework, with the United States was approved and published. This decision impacts the way we build, host, and operate websites, especially as we use Webflow.
The EU-U.S. Data Privacy Framework in Brief
The new Data Privacy Framework brings some important changes. It states that U.S.-based companies that have been successfully assessed via the ITA (International Trade Administration) and the U.S. Department of Commerce must achieve a level of data protection equivalent to that of the EU's GDPR (General Data Protection Regulation).
In happy news for Webflow users, Webflow is expected to be listed on the new Data Privacy Framework website along with many other U.S. companies, as Webflow's current certification is valid until March 19, 2024 (Webflow certification status).
What does this mean for Webflow users?
The publication of the EU-U.S. Data Privacy Framework has immediate implications for those who use Webflow to host their websites:
- Unrestricted use of Webflow hosting: From the moment of listing on the new website, website operators using Webflow for hosting can do so without legal concerns.
- Webflow form feature without restrictions: The use of Webflow's form features is also possible again without restrictions.
- Using Webflow Memberships: Website owners can use Webflow Memberships without worry.
But the duties remain
Despite these positive developments, website operators and web design agencies should continue to act in a privacy compliant manner. This includes:
- Signing the Data Privacy Addendum: Before publishing a website, Webflow users must sign Webflow's Data Privacy Addendum (the data processing agreement).
- Use Cookie Consent Tool: An appropriate cookie consent tool should be used to block optional services and cookies prior to user consent.
- Local integration of fonts: Fonts, especially Google Fonts, should still be integrated locally or uploaded manually.
- Conclude data processing contract: If services are offered that access users' personal data, a data processing contract must be concluded with the customers.
It is important to emphasize that careful handling of personal data should remain a top priority, as it has been since the introduction of the GDPR in May 2018.
(Disclaimer: We are not lawyers and this is not legal advice).