On January 20th, 2022, a German court rules using Google Fonts is in breach of GDPR.

Google Fonts violates GDPR, German court Rules.

The GDPR strikes again!

While Austria and Norway are taking on Google Analytics, on January 20th, 2022, the regional court of Munich, Germany ordered a € 100,- fine to a website owner. Why? Because using Google Fonts violates GDPR.

Why using Google Fonts is in breach of GDPR

To some this may come as no surprise — for me it wasn’t. Due to the way the internet works it was a matter of time before the GDPR would catch up and start handing out fines.

But it’s important you — and all website owners — are brought up to speed.

If you’re curious about the technical details, I suggest you read this post I wrote two years ago about why Google Fonts violate the GDPR — it’s hilarious I might add. For now, I’ll give you the short and sweet version:

Every page you view on the internet consists of files: images, scripts, stylesheets and [drumroll please!] fonts! Whenever a file is requested, the IP address of your computer is shared with the server hosting that file. I.e. whenever a Google Fonts file is requested, the IP address of your computer is shared with Google’s server.

An IP address is considered personal data, because it can literally trace you back to your home.

Before, GDPR was all about asking a user’s explicit permission or, prior consent. But due to the recent ruling in Austria, never transferring (any) personal data to the US (due to their government’s CLOUD act) has become a point of interest for European privacy watchdogs.

This is the whole reason why Google (and I’m sure others are soon to follow) is under fire.

Can you keep using Google Fonts?

Google, Google! Whatcha gonna do? Whatcha gonna do when the EU comes for you!

Website owners have put in a lot of effort, time and money building and designing their site.

Fonts being part of a site’s design, asking for prior consent is not an option.

I think we can all agree that “temporarily” breaking your site’s design until the user accepted loading the fonts is a bit ridiculous.

So, if prior consent is not an option, what are your options to make your site GDPR compliant? Fortunately, there are some.

  • The Wait is Over!

  • Switch back to System Fonts

    Warning! Using this option can significantly change the look and feel of your site and might scare off some (returning) users. Proceed with caution.

    Some WordPress themes (like GeneratePress or Astra) support this natively. They offer an option to change the font-family for any element to a system font. If your theme supports it, this could be an option.

    Whatever you do, please don’t remove any mentions of Google Fonts from your stylesheets and/or themes. If you do, the browser will choose a “matching” system font. Trust me, it’ll be a guaranteed shit show.

    Now, before you switch back to Times New Roman and give it that “nice” 90’s look. There are a few things you can do to keep your precious fonts.

    Host Google Fonts locally

    If you want to keep using the same fonts as you always have, while keeping your site GDPR compliant, you can choose to host the Google Fonts your website is currently using locally.

    There’s several way to achieve this. Some approaches are more universal applicable than others, but will include some more manual labor.

    Spoiler alert! If you’re a WordPress user. Just download and install OMGF. It’s free, it’s fast, it’s easy and it does exactly what you’re looking for.

    Using the Google Webfonts Helper (universal)

    Google Webfonts Helper’s interface is intuitive, but might be too “techy” for some.

    To host your Google Fonts locally you can use this helper application, called Google Webfonts Helper. The interface works intuitive and it makes it easy for you to generate a stylesheet for your (locally hosted) Google Fonts.

    However, if you’re not familiar with PHP coding and CSS stylesheets, this approach might be a bit overwhelming. This tutorial might help you out, but if you want a quick and easy solution; keep reading.

    Using your theme’s built-in option (WordPress only)

    Some themes (like Avada and Astra) have a built-in option to serve Google Fonts from your server — which is great! If your theme supports it, you can choose to check that box and be done with it all. However, I don’t recommend this for a very simple reason: human error.

    Imagine what would happen when you check that box and change themes in a year — or maybe two? It’s very likely you’ve forgotten about that Google Fonts option you checked and after switching to a new theme, all your Google Fonts are pulled from Google’s servers again. A few months later: you find a GDPR fine on your doorstep. Ouch!

    My suggestion? Use a plugin.

    Using a Plugin (WordPress only)

    WordPress users can breathe easy; OMGF does what the Google Webfonts Helper enables you to do (and more), but without the manual labor.

    • It scans your WordPress site for Google Fonts,
    • Downloads them,
    • Generates a stylesheet, and
    • Loads it in your site’s frontend.

    Effectively eliminating any requests to fonts.googleapis.com or fonts.gstatic.com.

    Disclaimer: OMGF is able to detect Google Fonts in most situations. However, some themes use unusual methods to add Google Fonts. If this is your case, OMGF will throw a notice and ask you to contact support. Please do, I’ll get you sorted. 🙂

    Conclusion

    I hope this post has brought you some relief.

    Being a website owner is complicated to begin with and the GDPR hasn’t made it any easier.

    Now a court in Germany has ruled that using Google Fonts is in breach of GDPR, it’s time to start hosting Google Fonts locally. There is no alternative. Today you’ve learned a few approaches on how to make your Google Fonts GDPR compliant.

    ❤️ it? Share it!

    Leave a Comment

    Your email address will not be published.

    This site uses Akismet to reduce spam. Learn how your comment data is processed.