[Wishlist] GDPR: Privacy Shield Updates Planned
- 3 comments
[This post was migrated from our old community roadmap]
1) The problem → Do you have any information on how your service can be used in the European Union? Since the Privacy Shield was invalidated, we have no option to "transfer user data outside the EU" (especially not to the US).
2) Why is this important → I know it’s a hard topic, but EU businesses cannot use Memberstack at all if this is not tackled.
The main issue will be, for example: US authorities reserve the right to gain data access in case of criminal suspicion, whereas this is strictly forbidden in the EU. I don’t see that they will come to a solution soon.
3) What's your plan B →
4) Possible solutions we could build for you → Use an EU-only tech stack for processors and sub-processors to keep at least all end-user data strictly inside the EU and its legislation.
Jakob Schneider feel free to leave any other ideas or suggestions here — we'll keep you posted as we make progress here 🙏
A little addition to 4), even this won't be enough. You would have to have an EU-only branch that could not receive directions from the US mother company (because otherwise, US authorities could still claim data access, no matter where they are hosted).
So, to be fair, this is not achievable mid-term. Maybe Europe needs to build the cool things for itself. So at least 5 years later than overseas, sigh.
"This is why we can't have nice things."
By the way, my plan B is to build Typo3/Pimcore systems on top of my Webflow projects. So 20.000€ for 90% of the website (Webflow), 30.000€ for 10% of the website (Custom, scenario: public page with a rather small login area). And double hosting (while Webflow hosting has no strings attached, while Typo3/Pimcore needs a maintenance contract and frequent updates).
For pages with mainly gated content, we will have to build dinosaur systems again, so full Typo3/Pimcore with classic design > dev handoff, so embarrassingly ineffective, but yeah.
"However, we decided against using Memberstack because of the lack of payment method support.
In Europe, few people have a credit card, so we need all the payment options specific to each country that Stripe provides out of the box.
Another important thing we bumped into (and the main reason we'll probably not be using Circle either) is the strict GDPR legislation in Europe which requires us to have all user information stored on European servers.
There seems to be a way around this, but it gets very complex and unclear very fast, leaving us in a gray zone at the discretion of the EU and big fines if we get it wrong."