According to a recent ruling by the LG Munich, the use of Google Fonts via the Content Delivery Network (CDN) violates the GDPR, as the IP address of the visitor is transferred to the USA without being asked.
On January 20, 2022, the Munich Regional Court ruled that the use of Google Fonts via a CDN without the consent of the user constitutes a violation of the GDPR (AZ 3 O 17493/20). The disclosure of the IP address constitutes a violation of the general right of personality in the form of the right of informational self-determination pursuant to Section 823 (1) BGB.
Here you can find an article on how to embed Google Fonts locally into your WordPress site in just 5 steps.
What are Google Fonts? #
Google Fonts are fonts provided by Google under the Apache license (version 2.0) for free use (see: https://fonts.google.com).
Google Fonts can be embedded locally or via a CDN. When embedding locally, the fonts are stored directly on the server of the website as TTF, WOFF, WOFF2 etc. and embedded via CSS.
Alternatively, Google offers the dynamic integration of fonts via the Content Delivery Network (CDN). In this case, the font is loaded directly from the Google server as needed. This is done on the client side by the visitor’s browser. The IP address of the user is then also transmitted, which in turn violates the DSGVO.
Why is the integration of Google Fonts a problem? #
In the proceedings before the Munich Regional Court, the operator had integrated the Google fonts dynamically via Google’s CDN without obtaining the consent of each visitor in advance. The plaintiff objected to this and demanded an injunction and damages.
The verdict of the LG Munich #
The Munich Regional Court upheld the action. The unauthorized disclosure of the dynamic IP address to Google violated the general right of privacy in the form of the right of informational self-determination. In addition, the Munich Regional Court awarded the plaintiff damages in the amount of €100.
Sources: #
- https://www.ra-plutte.de/lg-muenchen-dynamische-einbindung-google-web-fonts-ist-dsgvo/
- https://rewis.io/urteile/urteil/lhm-20-01-2022-3-o-1749320/
- https://fonts.google.com/specimen/Roboto#standard-styles
- https://www.internetworld.de/shop-technologien/google/lg-muenchen-einsatz-google-fonts-verstoesst-dsgvo-2736952.html
Comments