SteelWagstaff
commented
2 years ago Thanks @saschafoerster -- we will look into this soon. For those who don't read German, here's a summary of the article he shared: A Munich Regional Court judge has ruled that the integration of dynamic web content such as Google Fonts from US web services is illegal without the consent of the visitor. The ruling stated that there is no legitimate interest within the meaning of the General Data Protection Regulation (GDPR), because the Google Fonts can be downloaded and delivered from your own server instead of integrating them via external Google servers. The website operator faces a fine of up to 250,000 euros or imprisonment for up to six months if the plaintiff's IP address is passed on to Google when the website is visited.
While this judgement is about the integration of Google fonts specifically, the principles established by the court also apply to all other content from US services integrated externally into websites. If the ruling stands, any content served by a CDN would be affected. To avoid violating the law, websites must host content such as fonts, scripts or images themselves. Alternatively, website hosts could obtain consent to the disclosure of the IP address via a consent banner.
Here's a link to the judgment itself: https://rewis.io/urteile/urteil/lhm-20-01-2022-3-o-1749320/ (in German)
saschafoerster
Google fonts can't be used in the EU anymore, without risks: https://www.golem.de/news/landgericht-muenchen-einbindung-von-google-fonts-ist-rechtswidrig-2202-162826.html
So please make it easy for us and remove Google Fonts reverences and use instead fonts locally.