• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Logo

CITROWEB

First choice for your online presence

  • home page
  • Services
    • Web design, web development and consulting
    • Online stores with WooCommerce
    • Technical support for WooCommerce stores
    • Search engine marketing
      • SEO: Your website receives more relevant visitors
      • SEA: Search engine advertising for your website
    • Web hosting packages and domains
  • Blog
  • Contact us
Home » Blog » Using Google Fonts in a Data Protection Compliant (DSGVO) Way

Using Google Fonts in a Data Protection Compliant (DSGVO) Way

7. May 2022

The Munich Regional Court ruled on January 20, 2022 that the integration of fonts via Google servers is not in compliance with data protection laws(link to the ruling, news article on the ruling).

Why not let Google fonts on the website load from Google servers?

When loading Google fonts from Google servers, the IP address of the website visitor is transmitted to the Google server. The IP address belongs to the so-called personal data. Before this data is passed on to third parties, the user’s consent is required.

After judgment of LG Munich v. 20.01.2022, there have already been warnings from page operators (see article of golem.de from 09.08.2022).

Solution 1: Obtain consent from user

Before the Google Fonts are loaded, a so-called Consent dialog (selection dialog for agreeing or disagreeing with data transfer) is displayed. If the visitor agrees, the Google fonts can be loaded from the Google URL. However, if consent is not given, the writings may not be loaded.

Important: The URLs from Google must not be loaded in any case before the consent. This is often done wrong when including the Consent dialog!

The problem with this solution is that when the font is rejected, it is not present and thus the website is displayed for the visitor in the default font (corporate identity not given!). Since there is a better solution (see solution 2) I do not recommend disturbing visitors with dialogs.

Solution 2: Let Google Fonts load from the website (load locally)

Google offers the Google Fonts for download and allows them to be placed on the website’s web hosting server.

How can this be done on your own

Step 1: Use google-webfonts-helper to download the fonts you want to use on your website.

Step 2: If you use a WordPress theme, you have to make the theme stop using the styles that use the Google URLs. Some themes or page builders have an option for this. If this is not the case, it must happen programmatically.

How this works in the Genesis Sample Theme is explained here.

Step 3: The fonts downloaded from step 1 and the style that embeds the fonts are placed in a folder in the web hosting.

Step 4: The style (.css file) is included in the theme.

Ready! Already the Google fonts load from their own address and no longer via Google. Thus, the page is in this point again DSGVO compliant.

Filed Under: GDPR

Primary Sidebar

Search

Recent Posts

  • Remove “Thank you for your trust in WordPress” from the bottom of the dashboard
  • Remove WordPress logo from toolbar
  • Change login cookie lifetime in WordPress
  • WordPress multisite and cookie settings in wp-config.php
  • Update GUIDs in WordPress after domain move

Footer

Logo




© 2023 CITROWEB
  • Data protection
  • imprint
  • Deutsch