Many websites use external Google fonts. If you embed Google fonts as Google suggests, connections to Google servers are established. The fonts are thereby loaded from a Google server and this is not DSGVO compliant. The integration of dynamic web content such as Google fonts from US web services is illegal without the visitors' consent. This was decided by the Munich Regional Court in a ruling (Ref. 3 O 17493/20). Website operators can be sued for injunctive relief and damages. Operators should only embed Google fonts locally so that no connection to US servers can be established.
Why not use external Google Fonts?
By default, Google Fonts loads the fonts from the Google CDN.
In the process, some data is transmitted to Google. For example:
- Your IP address
- the visited website
- the device or model used
- the browser used
This allows Google to create a user profile of you and, for example, display relavant advertising. As a result, the use of Google Fonts usually violates the GDPR, depending on the use case.