GDPR: Privacy Shield Updates
planned
Naitik Mehta
1) The problem →
Do you have any information on how your service can be used in the European Union? Since the Privacy Shield was invalidated, we have no option to "transfer user data outside the EU“ (especially not to the US).
2) Why is this important →
I know it’s a hard topic, but EU businesses cannot use Memberstack at all if this is not tackled.
The main issue will be, for example: US authorities reserve the right to gain data access in case of criminal suspicion, whereas this is strictly forbidden in the EU. I don’t see that they will come to a solution, soon.
3) What's your plan B →
4) Possible solutions we could build for you →
Use a EU-only Tech Stack for processors and sub-processors to keep at-least all end-user-data strictly inside the EU and its legislation.
Duncan Hamra
planned
Queued for Q3 of 2022.
Naitik Mehta
under review
J
Jakob Schneider
A little addition to 4), even this won't be enough. You would have to have a EU-only branch that could not receive directions from the US mother company (because otherwise, US authorities could still claim data access, no matter where they are hosted).
So, to be fair, this is not achievable mid-term. Maybe Europe needs to build the cool things for itself. So at least 5 years later than overseas, sigh.
"This is why we can't have nice things."
By the way, my plan B is to build Typo3/Pimcore systems on top of my Webflow projects. So 20.000€ for 90% of the website (Webflow), 30.000€ for 10% of the website (Custom, scenario: public page with a rather small login area). And double hosting (while Webflow hosting has no-strings attached, while Typo3/Pimcore needs a maintenance contract and frequent updates).
For pages with mainly gated content, we will have to build dinosaur systems again, so full Typo3/Pimcore with classic design > dev handoff, so embarrassingly ineffective, but yeah.
Naitik Mehta
Jakob Schneider feel free to leave any other ideas or suggestions here — we'll keep you posted as we make progress here 🙏