DE
EN
There is currently a wave of cease-and-desist letters in Germany due to the integration of Google Webfonts.
Many website operators are currently receiving cease-and-desist letters like these:
GDPR Violation – Unlawful Disclosure of Data
Dear Sir or Madam,
I visited your website xyz on [date] while searching for xxx. My IP address is: xxx
Unfortunately, you have not implemented the third-party service on your website. Google Fonts dynamically integrated, which means that when your website is accessed, a connection to Google's servers is automatically established without the visitor's consent (recognizable in the page source code under the link to “fonts.googleapis.com” or “fonts.gstatic.com”I have documented and recorded this.
This means you are transmitting at least my IP address to a server in a third country, the USA, where an adequate level of data protection is not currently guaranteed. You did not obtain my prior consent for the transfer of my data to Google.
Since I can be traced using my IP address, for example, or Google can use it to track my online activities and collect data about me, this falls under the GDPR (General Data Protection Regulation) as personal information!
Because you have now shared my IP address without consent, and even though there is no necessity or legitimate interest in sharing it, you are violating the GDPRThere is, in fact, the option to store the rendering of Google Fonts directly on your server and thus comply with the GDPR. Furthermore, you have violated my right to informational self-determination.
According to the Art. 82 DSGVO The affected persons are entitled to compensation. This is also confirmed by the latest ruling of January 20, 2022, from the Munich Regional Court under file number 3 O 17493/20.
This was exactly the same case – the use of Google Fonts.
Since I am now personally affected by visiting your site and my annoyance at the disclosure of my data is enormous, I hereby assert my rights under Article 82 GDPR against you.
I am referring to the aforementioned judgment, which you can find on the internet under the page Openjur can see. It states, among other things:
Tenor
1. The defendant is ordered to refrain from disclosing the plaintiff's IP address to the provider of a font from Google (Google Fonts) when the plaintiff accesses a website operated by the defendant, under penalty of a fine of up to €250.000,00, or alternatively, imprisonment for up to six months.
2. The defendant is ordered to provide the plaintiff with information as to whether personal data concerning the plaintiff is being processed, and, if applicable, to provide information as to which personal data concerning the plaintiff is stored.
3. The defendant is ordered to pay the plaintiff €100,00 plus interest at a rate of 5 percentage points above the base interest rate since January 28, 2021.
reasons
The admissible claim is largely well-founded. (…)
Thousands of website operators are currently receiving a warning letter or, as in this case, the threat of a warning letter, which can be prevented by paying a sum of money (here €100).
You have also received a warning letter for the violation of the dynamic integration of Google Fonts, which you have incorporated into your theme/template, for example, as follows:
@import url(‚https://fonts.googleapis.com/css2?family=Oswald:wght@200;300;400;500;600;700&family=Roboto:wght@100;300;400;500&display=swap‘);
This can easily be changed by loading the fonts directly from the server (local) and no longer via the URLs: fonts.googleapis.com” or “fonts.gstatic.com
If you have a website using these systems Wordpress, Magento or Joomla! use and not solve this problem as described here If you can solve it yourself, please get in touch.
We also check your website to see if Google Fonts are loaded externally via the Google API or Google Static.
Be the first to leave a comment!