We're evolving to serve you better! This current forum has transitioned to read-only mode. For new discussions, support, and engagement, we've moved to GitHub Discussions.

Legal GDPR issues with Google Fonts in Germany

  • #6889
    Avatar photo[anonymous]

    Sorry, I just have a German link on the issue:

    The LG Munich court that embedding Google Fonts in your website through CDNs (as well as any other content through CDNs hosted in the US) is subject to user consent. So if a user accesses your website he needs to be informed similar to the cookie banner and possibly must be able to opt-out. The issue is that with the request to the Google Fonts CDN the user’s IP address is transmitted to the US server, where the IP address is considered as personal data.

    Now the issue with Publii themes is that they are using Google Fonts through he CDN and of course the IP address is transmitted right away when opening a Publii page without any chance to show a consent banner before this happens.

    I don’t want to discuss the sense of this stupid judgement – but it has been made.

    Is there already a possibility to embed Google fonts locally in the themes? If not is there a patch planned to no longer download the Google fonts through the CDNs?

    BTW: We have a similar issue with Disquss, but at least Disquss is not loaded right away, but after a delay when the user scrolls down – so this could be handled through a consent banner.

    Avatar photoBob

    Publii themes by default use a native system font. The Google fonts are optional.
    At the moment, we don’t plan on serving them locally in our themes. This would entail uploading many additional files to the server. A dedicated font system would be the best option, but that would take many hours of work and unfortunately, we cannot afford it right now.

    For scripts like Disqus, I suggest using the built-in GDPR functionality; more about it can be found in our documentation

    Avatar photo[anonymous]

    Hi Bob,

    thank you very much for the extremely fast reply. Yes, for Disqus I am already using the cookie banner to make visitors aware of that, but I will look into the supplied documentation link to make this safer. And for now I switched back to System fonts to get rid of the Google fonts. So hopefully I should be safe for now.

    When I have some time I will then override the CSS files to use hosted fonts. However of course each override makes upgrading harder of course.

    Best regards,

    Avatar photo[anonymous]

    Hey Carsten,

    I found this article on how to self-host Google Fonts last year:–cms-34775

    It was very helpful, and this is what I do for my own site because I want a certain look.

    To make upgrading easier with overrides, check out the documentation article on overrides:

    In terms of Disqus: there are some privacy friendly alternatives, although they do require a bit more setup.

    Avatar photoBob
    Avatar photo[anonymous]

    Awesome release. Thank you so much, Bob.