European users of Webflow can rely on Standard Contractual Clauses (SCCs) for data transfers between the EU and the US. However, there are important limitations and considerations when asserting these rights against subcontractors like AWS and Fastly that Webflow uses for hosting and content delivery.
1. Reliance on Standard Contractual Clauses (SCCs)
- Webflow includes SCCs in its Data Processing Addendum (DPA) to ensure compliance with GDPR when transferring data outside the EU.
- These clauses provide a legal framework for EU-US data transfers, but they do not guarantee full compliance with EU privacy laws due to concerns about US surveillance laws.
2. Assertion of Rights Against Subcontractors (AWS, Fastly)
- Webflow remains the contractual data processor, meaning users have a direct legal relationship only with Webflow, not with its subcontractors.
- When Webflow engages AWS or Fastly, Webflow must ensure these processors comply with GDPR under its DPA.
- Direct enforcement against AWS or Fastly is not usually possible unless they explicitly provide a contractual mechanism for it.
3. Plans for an EU-Based Subsidiary or EU-Only Hosting
- As of now, Webflow has not announced any plans to establish an EU-based company or offer on-premise solutions.
- There is no official confirmation on restricting hosting to EU servers, though demand from European users for data sovereignty might influence future decisions.
Summary
Webflow users in Europe can rely on Standard Contractual Clauses (SCCs) for data transfers, but enforcement against subcontractors like AWS and Fastly is limited. Webflow has not announced a dedicated EU subsidiary, EU-only hosting, or an on-premise solution, but these concerns continue to be relevant under GDPR compliance discussions.