A German court lifted a fine on a website for using google fonts. This adds to the decision of an Austrian court to declare illegal the use of google analytics.
What is google fonts?
Google fonts is a “free” service (actually in exchange for the privacy of your readers), which allows you to embed non-standard fonts or typographies on a website.
Privacy issues with google fonts
The penalty is given because google fonts collects the IP address and the browser agent in each request (visit). Therefore, a justification for such transfer of information and the express approval of the user is required.
Both the IP and the browser agent can be considered personal information that can lead to the timely identification of an individual.
Under the GDPR, the user must be informed of what information will be collected, how it will be used, why it is required, with whom it is shared and request express approval.
Solution and alternative to google fonts
Replacing google fonts and avoiding sending unnecessary information to the technological giant is simple: host fonts locally.
A very useful tool dedicated to this task is google-webfonts-helper. To host fonts locally follow these steps:
- Select the font you want to use. In this example: Miriam Libre.
- Select the font properties. By default the most common properties are already selected. For example the charset (latin is usually enough), the styles (if it is your main font it is good to add the bold version).
- Select the location of the font with respect to your CSS sheet by typing it in the “Customize folder prefix (optional)” field. Example: /fonts/
- Copy the CSS code provided into your CSS sheet.
- Download the fonts and place them in the location indicated in point 3. See example image below.
- Delete references/links to google fonts on your site and that’s it. Goodbye google fonts.
google webfonts helper is an libre/free tool that also has an API, if you want to automate the way you add fonts to your website.
As privacy legislations advance, the practices generalized by the technological giants (facebook, google, twitter, etc) put you in complicated situations if you use their tools on your website.
As a best practice, avoid adding scripts, widgets or any third party services on your website. Not only will you give more privacy to your users, you will also make your website faster (less DNS requests), have less dependency on third party terms and conditions and more easily comply with future privacy legislation.