If you run a website that uses Google Fonts, you may have received an email asking for money. Many websites have fallen for this scam.
Google Fonts may not be GDPR compliant
Google Fonts is very present on the web. This service from Google provides a directory of over 1,400 fonts that can be used on websites or various projects, including creative projects.
The library is available for free, the fonts are not hosted on your own server to make them accessible, but the web browser loads them directly from Google’s servers when visiting the website.
In doing so, the visitor’s IP address is transmitted to Google. Which prompted, in the context of the application of the General Data Protection Regulation (GDPR) a court in Munich declared that the transfer of the IP address constituted a violation of the GDPR.
According to German justice, the IP address constitutes personal data, so the consent of website visitors is required to transmit this information to Google (and therefore to load the fonts of Google Fonts).
The massive scam in Germany
Obviously, this situation has given rise to scams. Indeed, there was a huge wave of warnings sent to website publishers who had integrated Google Fonts. What was behind these warnings was a treacherous business model.
Two companies are accused of having illegally warned individuals and small businesses, which use Google Fonts, through a lawyer’s letter. The scam appears to have been massive, software was used to track websites that use Google Fonts, which were then automatically called by other software.
In order to avoid costly legal proceedings, the publishers were offered to pay a fixed compensation of 170 euros. The threat of legal action served to exert pressure and obtain a settlement. In total, 2,418 cases have been identified, with more than 340,000 euros recovered thanks to this technique.
Due to the ” suspicion of fraud and (attempted) extortion”German police have issued search warrants in Berlin, Hannover, Ratzeburg and Baden-Baden as well as two arrest warrants on behalf of the Berlin public prosecutor’s office, according to the press release of the Berlin public prosecutor’s office.
Google defends Google Fonts
Despite everything, there is a lot of criticism on this court decision and on the technical interpretation of the GDPR. This German case law opens up the possibility for dubious lawyers to issue a warning as the companies prosecuted here have done. Google also commented on this matter and released a statement in a blog post.
Google points out that ” Google Fonts is an open source font library and web API for embedding font families into websites. People want the websites they visit to be well designed, easy to use, and to respect their privacy. “.
Google further emphasizes that it respects privacy: The Google Fonts Web API is designed to limit the collection, storage and use of data to what is necessary for loading fonts and for aggregate usage statistics. This data is kept secure and separate from other data. “. This data would not be used for the profiling of end users in the context of advertising campaigns.
To follow us, we invite you to download our Android and iOS application. You can read our articles, files, and watch our latest YouTube videos.