DSGVO-compliant integration of Google Fonts on websites

Online embedding of Google Fonts criticized,
Local hosting of Google Fonts is strongly recommended

The Regional Court of Munich issued a ruling in January 2022 that the embedding of the free Google Fonts via the Google server is not DSGVO-compliant. By opening the website, the fonts are loaded via the Google API. The online embedding of the font is done via a link or an import and looks like this:
<link href="https://fonts.googleapis.com/[fontlink]"
or
@import url('https://fonts.googleapis.com/[fontlink]'
This call automatically sends the user’s dynamic IP addresses to Google in the USA.
According to the (disputed) legal situation, this should only happen with the explicit consent of the visitor.

In order to have legal certainty and to avoid inconveniences due to possible warnings, it is therefore strongly recommended to host Google Fonts locally only. Google offers the possibility to download the selected font from the Google Font Library. Upload the font to your own web space and integrate it into your website. Now, the font is  loaded locally from your server and no data is sent to Google.

The GWDG generally recommends that the inclusion of external resources on web pages in stylesheets or JavaScript code should be avoided and the corresponding files should be hosted locally if possible.

Categories

Archives

--