Wanted to announce a quick update that the Bubble team is looking into the implementation for the new Standard Contractual Clauses in our DPA. We are working with our legal counsel to understand what’s involved, and will be going through a data transfer impact assessment that’s mentioned in the new SCCs. No specific timeline to announce today, but we are actively working on it.
When the updated DPA/SCC is ready, we’ll post it publicly as we do with our current DPA, so that it applies to new users going forward as well as comes into effect for existing users.
Note that under the EU’s rollout of the new SCCs, they gave a window where any existing contracts (i.e. with the current SCCs) can continue to be used until close to the end of 2022.
Thanks for update, I guess it applies to some enterprise customers.
One another requirement of many companies is being able to host data in Europe. I hope Bubble team will be able to provide possibility of server location choice.
For anybody needing this functionality, I would love to discuss offloading your backend to firebase/firestore. I can set up this implementation for a modest fee.
You should follow your countries rules related to data storage. With firestore you could choose your European server. What’s nice about this, too, is the lower latency to get data to the front end.
Load your app from Colorado, then call your data from the center closest to your primary customer region.
As an update on the original topic: this is still in progress and should result in our updated DPA fairly soon! We are working through the process of writing our new DPA with the new SCCs (which also requires going through the Data Transfer Impact Assessment) with the help of our legal counsel.
We have just published our updated DPA with the latest Standard Contractual Clauses. This can be found, as before, at bubble.io/dpa.
Since the DPA is now available publicly, any existing or new users should be covered by it. If you’re an existing customer who had us dually sign our older DPA, we will be reaching out to you to execute the new DPA
(Note: per advice from our legal counsel, it is generally not necessary to have a dually signed version of the DPA; the DPA is in effect for all users anyways. We’ve dually signed DPAs from time to time when a customer has made a special request for this, but these DPAs are not customized from the version that’s published publicly.)