Download
We're evolving to serve you better! This current forum has transitioned to read-only mode. For new discussions, support, and engagement, we've moved to GitHub Discussions.

Legal GDPR issues with Google Fonts in Germany

Forum General Inquiry

  • February 8, 2022 at 10:43 am #6889
    Avatar photo[anonymous]

    Sorry, I just have a German link on the issue: https://www.ra-plutte.de/lg-muenchen-dynamische-einbindung-google-web-fonts-ist-dsgvo/

    The LG Munich court that embedding Google Fonts in your website through CDNs (as well as any other content through CDNs hosted in the US) is subject to user consent. So if a user accesses your website he needs to be informed similar to the cookie banner and possibly must be able to opt-out. The issue is that with the request to the Google Fonts CDN the user’s IP address is transmitted to the US server, where the IP address is considered as personal data.

    Now the issue with Publii themes is that they are using Google Fonts through he CDN and of course the IP address is transmitted right away when opening a Publii page without any chance to show a consent banner before this happens.

    I don’t want to discuss the sense of this stupid judgement – but it has been made.

    Is there already a possibility to embed Google fonts locally in the themes? If not is there a patch planned to no longer download the Google fonts through the CDNs?

    BTW: We have a similar issue with Disquss, but at least Disquss is not loaded right away, but after a delay when the user scrolls down – so this could be handled through a consent banner.

    February 8, 2022 at 10:58 am #6890
    Avatar photoBob

    Publii themes by default use a native system font. The Google fonts are optional.
    At the moment, we don’t plan on serving them locally in our themes. This would entail uploading many additional files to the server. A dedicated font system would be the best option, but that would take many hours of work and unfortunately, we cannot afford it right now.

    For scripts like Disqus, I suggest using the built-in GDPR functionality; more about it can be found in our documentation

    February 8, 2022 at 11:26 am #6891
    Avatar photo[anonymous]

    Hi Bob,

    thank you very much for the extremely fast reply. Yes, for Disqus I am already using the cookie banner to make visitors aware of that, but I will look into the supplied documentation link to make this safer. And for now I switched back to System fonts to get rid of the Google fonts. So hopefully I should be safe for now.

    When I have some time I will then override the CSS files to use hosted fonts. However of course each override makes upgrading harder of course.

    Best regards,
    Carsten

    February 14, 2022 at 5:39 pm #6917
    Avatar photo[anonymous]

    Hey Carsten,

    I found this article on how to self-host Google Fonts last year: https://webdesign.tutsplus.com/tutorials/how-to-self-host-google-fonts–cms-34775

    It was very helpful, and this is what I do for my own site because I want a certain look.

    To make upgrading easier with overrides, check out the documentation article on overrides: https://getpublii.com/dev/theme-overrides/#theme-overrides

    In terms of Disqus: there are some privacy friendly alternatives, although they do require a bit more setup.

    March 18, 2022 at 12:05 pm #7098
    Avatar photoBob

    surprise 🙂

    https://getpublii.com/blog/release-039.html
    https://getpublii.com/docs/fonts.html

    March 18, 2022 at 12:10 pm #7099
    Avatar photo[anonymous]

    Awesome release. Thank you so much, Bob.