Google Fonts 038 Data Protection 8211 Is It Possible

01.09.2022
|
Reading time: 8 min.
Google Fonts 038 Data Protection 8211 Is It Possible

Management Summary

The protection of our data during online activities or the threat to these activities regularly raises eyebrows. Once laws and regulations are defined on the one hand, business models and practices are already emerging on the other. The use of Google Fonts for websites is currently being criticized. With a few tips you can check whether you have integrated Google Fonts in accordance with data protection regulations - we will show you how.

The responsible handling of data is a top priority in digital marketing specifically and in entrepreneurship in general. The changes in data protection law in recent years have created a lot of uncertainty because theory often lags behind practice. Data protection compliance of systems is becoming increasingly important, not just to protect yourself from penalties. In this article we give tips on how this is possible in the case of Google Fonts.

Wave of warnings about the use of Google Fonts

Everything has to do with thatJudgment of the Munich Regional Court of January 20, 2022began, according to which the dynamic integration of Google Fonts results in an inadmissible third-country transfer of personal data. The court awarded damages of EUR 100 for the interference with personal rights (keyword: loss of control over personal data and the resulting discomfort).

Since the beginning of July, an Austrian lawyer has systematically sent numerous warnings to small and medium-sized companies in Austria that embed Google Fonts on their websites. He demands damages of EUR 100 for his, always identical, client, reimbursement of costs of a further EUR 90 and submits a request for information in accordance with the GDPR.

Data protection as profiteering?

The topic has reached many media outlets and data protection lawyers in Austria. The wave of warnings has not only sparked a fuss about the data protection-compliant integration of dynamic Google fonts, but also a discussion about whether data protection law is degenerating into a business model for warnings. In the last few days there has even been a suggestion in the media that the warning is most likely based on purely automated website visits, so that there is no person as a user and therefore no personal data is processed at all.

The WKO is alarmed and has nowRecommendationspublished. The data protection authority also reacts to this and issuesInformation available.

The question of data protection compliance when using Google Fonts does not only affect those specifically warned, which are said to be “tens of thousands of websites”, but possibly 60% of all website operators in Austria, i.e. the market share of Google Fonts in Austria:Statistik Font Usage AustriaMarket share of Google Fonts in Austria, source:Buildwith

Can Google Fonts be used in compliance with data protection regulations?

According to the Austrian Data Protection Authority, the data protection uncertainty can be eliminated through technical steps:

  • Local (instead of dynamic) integration of Google Fonts
    • Check whether the fonts are loaded from a Google server or whether the fonts are integrated locally.
    • Additionally, check whether a connection to a Google server is actually established due to the integration of Google Fonts on your website.
  • Documentation of the above results.

Since the ruling of the LG in Munich in January 2022, we have been recommending integrating Google Fonts locally. You can check whether this is the case for you as follows.

How do you check if Google Fonts fires before consent?

There are several ways to check whether Google Fonts is integrated via the Google server and whether you have consent for it. All methods are not difficult and can be applied quite easily:

About the web developer tools (browser extension)

You can obtain a lot of information about the website using the web developer tools or the developer tools of the respective browser. The following steps are necessary for this:

  • This browser extension can be opened by clicking F12 or right-clicking on the website and clicking “Inspect” or “Inspect Page”.
  • Now open the “Sources” tab and if a line with the name “fonts.googleapis.com” appears, then Google Fonts is being used.

Webdeveloper Tool Tab Sources

  • You can also open the “Network” tab and then click F5 (or reload the page).  All resources retrieved from the website are then loaded. If the name “fonts.googleapis.com” appears under the “Domain” part, Google Fonts is loaded from the Google server.

Webdeveloper Tool Tab NetworkIf you load Google Fonts from the Google server, they require consent and may only be loaded after consent has been given.

Check using an online checker

There are now a variety of online tools that analyze the site to see whether Google Fonts is being loaded from the Google server. To do this, simply enter the term “Google Fonts checker” into Google and select one of the first results.

In all cases you have to enter your own domain in an input field and then click on “check”, “analyze” or “start”.

After a few seconds you will get the result. The following screenshots show two examples of such a results report:Beispiel Ergebnis Online-CheckerExample result online checkerBeispiel Ergebnis Online-CheckerExample result online checker

Checking via browser extensions (Tag Explorer)

Another way to check whether Google Fonts are loaded via the Google server is to use other browser extensions. There are many solutions, in this example the “Tag Explorer” is used.

To do this, simply open your website and click on the tool. This then shows which third-party services have been loaded at the current time.Beispiel Tag ExplorerAs already mentioned, it is important that Google Fonts is either self-hosted or only loaded after approval.

In both cases we would be happy to support you with the implementation.

Our conclusion:

This blog article does not deal with legal issues, such as the question of whether a loss of control of the data can trigger non-material damage within the meaning of the GDPR. The courts must first establish legal certainty about this. We also have to wait and see whether the passing on of the IP address as part of the dynamic integration of Google Fonts actually violates the GDPR: the data protection authority in Austria has initiated an ex officio investigation into this.

What we recommend at this point, regardless of these further developments, is to integrate Google Fonts locally. If possible, Google Fonts should be hosted locally on your own server. If you need help with this, we will be happy to help you.

We also recommend checking your consent settings and only integrating Google Fonts after you have given your consent. Here we support you with a CMP and the development of a clean oneConsent management process. Contact us:kontakt@e-dialog.group

e-dialog office Vienna
No two challenges are the same. Speak with our experts now to find your individual solution.

Any questions? Talk to us.

Get in touch now
Relevant content

More about Analytics

Analytics

Beyond Clicks: How GEO Strengthens Your Digital Identity and Becomes Visible in GA4

Read more
Analytics

How Native App Event Tagging Works in GTM

Read more
Analytics

Recover conversion data with Jentis Synthetic Users

Read more
Analytics

App Tracking with GTM: How it Works Compared to Web Tracking

Read more