Are you Embedding Google Fonts on your Websites
Reading Time: 2 minutes

If you are embedding Google Fonts on your website, according to a regional court in Germany in Munich it violets GDPR. The court ordered a website to pay €100 for transferring users’ personal data to Google via the search giant’s Fonts library without the individual’s consent.

According to the court, Google constitutes a contravention of the user’s privacy rights. It further added that the website operator could theoretically combine the gathered information with other third-party data to identify the “persons behind the IP address.”

The ruling mentioned, the violation amounts to the “plaintiff’s loss of control over personal data to Google.”

Google offers Google Fonts, as a font embedding service library, allowing developers to add fonts to their Android apps and websites simply by referencing a stylesheet.  Currently, Google Fonts is a repository for 1,358 font families.

The European Union’s General Data Protection Regulation (GDPR), suggests data points such as IP addresses, advertising IDs, and cookies are termed as personal identifiable information (PII). This makes it mandatory for businesses operating in the country to seek users’ explicit permission before processing such information.

Additionally, the court also pointed out that “Google Fonts can also be used by the defendant without a connection to a Google server being established and the IP address of the website user is transmitted to Google.” This means websites need to host the fonts locally. 

The court has not only ordered the website to stop disclosing the IP address by embedding the font library but has also urged the company running the website to share with the affected party information about the kind of personal data that it stores and is being processed.

Earlier a few weeks ago the Austrian Data Protection Authority (DSB) ruled that the use of Google Analytics by a health-focused website called NetDoktor. As it violated the GDPR regulation by exporting visitors’ data to Google servers in the U.S. and opening the door for potential surveillance by the U.S. intelligence services.

Related Articles:
New Microsoft Bug Allows Bad Actors to Take Complete Control of Your Emails
2FA Authenticator – Delete this Android App Before it Cleans out Your Bank Account
North Korean Hackers Use Windows Update Service to Infect PCs with Malware