The Google Fonts GDPR Affair and What It Has to Do With You?
At the moment, websites that use Google Fonts do not store those fonts on their site, but the fonts are downloaded from the Google service. This means that when you open a site that uses Google Font, that font is retrieved from the Google database. Nothing about this sounds dangerous. But, things are not that simple. The Google Fonts GDPR case that took place in Germany has rocked the online world, let’s see why.
Ever since a German regional court in Munich charged a website operator with a fine of €100 in damages for transferring a user’s personal data like IP address and similar to Google through the huge Fonts library, using Google fonts become not only a matter of style but also a matter of private data concerns. Google Fonts GDPR infringements are possible in any part of the world, on all websites that have audiences from EU countries.
How this could even be possible? The thing is, according to the General Data Protection Regulation (GDPR), prescribed by the EU, IP addresses, ad IDs, cookies, and similar data are considered personal identifiable information which obliges the businesses to ask for user’s direct permission before processing that kind of information. And since embedding the font library implies disclosing the IP address, using Google Fonts becomes an issue of privacy data protection.
Why is it so important to oblige to GDPR, and how to use Google Fonts without making any type of data protection breachers are all the issues we’re going to cover in this article. Stay tuned to read more about:
GDPR is basically a set of rules and regulations that regulate the collection of EU citizens’ personal data. The previous document that addressed this issue, made in 1995 needed an update in line with all the many changes that have occurred following the development of internet technologies. So, GDPR was created with the purpose to protect the personal data of EU citizens, and any entity that does business with EU citizens also has to abide by this regulation. Personal data are very sensitive and can be used for a very wide array of internet frauds, therefore the GDPR rules needed to be very precise and strict. GDPR fines can be up to $20 million or 4% of annual turnover in the year before and have to be taken seriously however small or safe you believe your website or business is.
As a website owner, within the GDPR framework you are considered a data controller, and all those users whose data your website collects one way or another, are considered the data subjects. Whether you want it or not, you have to be aware of all the different ways your website collects personal data so that you can be sure you are not in breach of any type of regulations related to these kinds of issues. A website owner i.e the data controller is obliged to be familiar with the whole set of the GDPR rules, as well as with other similar documents that regulate data privacy issues and personal data processing.
Considering that every page on any website consists of many different elements and since fonts are an inevitable element on any type of website, at some point every website owner will be dealing with Google Fonts. And, every time a Google Fonts file is requested, your computer’s IP address is shared with the Google server. This means that Google can easily use your IP to trace you back to your home. That’s why the IP address is treated as personal data. The same accounts for all of your website users.
So, how can you keep using Google Fonts without jeopardizing your personal data safety and without breaching GDPR? There are no specific Google Fonts GDPR guidelines but the solution is to host the Google Fonts locally.
Hosting Google Fonts locally is not rocket science, but it can become a bit daunting and complicated if you are not a fan of stylesheets. Luckily, there’s a straightforward and easy solution that comes in the form of a WordPress plugin.
The OMGF plugin is a free, easy-to-use WordPress plugin that allows you to automatically cache the fonts your theme and plugins use to minimize DNS requests and speed up your WP website. The plugin offers two possible configurations, you can choose between the manual and automatic configuration whereas the automatic is available only in the premium version. With the free, manual configuration you can set the OMGF to work the way it suits you, and run its detection mechanism on an address that you choose. You can then tweak the stylesheets as per your needs and these will be used throughout your site.
In case you want to be sure you are safe in terms of not breaching the GDPR, you can always consult an expert in the field or hire someone to take care of this issue for you.
There’s nothing fun about Google Fonts GDPR, but there’s even less fun in making your and your user’s sensitive data exposed. GDPR can make things complicated, but its essential purpose is to protect both your and your users from possible misuse of personal data. It is in your utmost interest to be well-appointed with the GDPR guidelines. It is not a matter of choice but an obligation that requires all the participants in online transactions of all types to be aware of possible risks that come with every click.
We’ve all seen movies about malicious hackers but when it comes to undertaking all the measures of caution to prevent those scenarios from happening for real, we are often reluctant and don’t take things seriously enough. Luckily, there’s a wast array of GDPR plugins that can help us stay tuned to the law and abide by its regulations. Good luck and keep your data safe!
We hope this article was helpful. If you liked it, feel free to check out some of these articles as well!