Bubble.io’s GDPR Compliance and Certification under the TADPF

Dear Bubble.io Community,

As a German developer, I’ve always been interested in trying out new code tools like Bubble.io. However, due to GDPR concerns, I had been reluctant to dive in. The recent development of the Transatlantic Data Privacy Framework (TADPF), a mutually agreed upon framework between the USA and the EU, changed this scenario.

The TADPF allows for secure data transfer between the two regions, assuming that the receiver, in this case, Bubble.io, is certified under the TADPF. In fact, I’ve found Bubble.io listed as an active participant on the official TADPF list (link here), which implies that they’ve gone through the necessary self-certification process.

However, despite these promising signs, Bubble.io’s blog post regarding GDPR compliance has not been updated recently, leaving room for uncertainty. Can I, as a German developer, now use Bubble.io without worrying about potential GDPR-related legal repercussions? I’m sure this question is relevant to many community members navigating this complex legal landscape.

Therefore, I kindly ask Bubble.io representatives or anyone knowledgeable about this matter to provide further clarity. An update to the blog post addressing GDPR compliance in light of the TADPF would also be much appreciated.

Thank you in advance for your assistance and guidance.

Kind Regards.

Moritz

10 Likes

Following!

1 Like

👍 Nice titbit @marketing-lokalhelde

Super complex.

I think the DPA/Standard Contractual Clauses approach Bubble has been using is generally sufficient.

Understandably, I imagine it’ll take time to adjust materials for the new reality with TADPF, especially since that decision is being challenged.

Hi @marketing-lokalhelde
Good point, nice matter! I am following.
Even if this issue is addressed directly via support, I also believe this should be globally written and updated by Bubble.

Please share with us when/if you have some news about it.

Bubble are active but most likely because they were previously certified under the Privacy Shield, and then automatically transferred to the DPF registry. They must now update their privacy policies and join the DPF within three months. Otherwise, their registration will expire.

Thanks for the response. I could not really find if Bubble is currently working on it or not. This topic is a dealbreaker for a lot of Europeans, so I hope they have that on their radar.

Hello Bubble team. I am also interested to know if Bubble is working towards being TADPF compliant. Any update on this?

+1

I think we need some general GDPR/Data Protection/Security guidance from Bubble - particularly with UK Enterprise customers (not helped because of Brexit), data protection/security is taken incredibly seriously and not being able to satisfy the increasingly complex and rigorous security assessments can end up in lost deals/customers.

I don’t think anybody is expecting Bubble to complete these for us, or provide legal advice, but you need to give us materials we can refer to and use (and it needs to be maintained).

1 Like
