GDPR/DSGVO (Germany): Embed fonts locally

aadr · May 1, 2018, 10:47am

Hi,

There have been some discussions about the GDPR on here already. It turns out that embedding of Google fonts from external severs probably wont not comply with this new policy – since it is expected (at least in germany) that lawyers are already sharpening their pencils to submit cease-and-desist letters, we would really like our beautiful Blocs-build websites to comply with the GDPR.

Would it hence be possible to embed local fonts (i.e. previously downloaded from Google and hosted locally)? It would be really great if you could add this feature, probably a lot of the European Blocs users would appreciate this, as well!

We are very happy that most of the frameworks Bloc is using are already local, Google fonts seem to be the missing piece

Many thanks and with best regards!

RME · May 1, 2018, 11:01am

Hey Uwe, for germany, you can use Datenschutzerklärung kostenlos & DSGVO-konform erstellen
the google web fonts are integrated into the privacy statement.

however, the possibility would be great.

Jannis · May 1, 2018, 2:08pm

You first have to ask for the users permission to load fonts from Google CDN servers.

RME · May 1, 2018, 2:15pm

This is the data protection text in german:

"Google Web Fonts
Diese Seite nutzt zur einheitlichen Darstellung von Schriftarten so genannte Web Fonts, die von Google bereitgestellt werden. Beim Aufruf einer Seite lädt Ihr Browser die benötigten Web Fonts in ihren Browsercache, um Texte und Schriftarten korrekt anzuzeigen.

Zu diesem Zweck muss der von Ihnen verwendete Browser Verbindung zu den Servern von Google aufnehmen. Hierdurch erlangt Google Kenntnis darüber, dass über Ihre IP-Adresse unsere Website aufgerufen wurde. Die Nutzung von Google Web Fonts erfolgt im Interesse einer einheitlichen und ansprechenden Darstellung unserer Online-Angebote. Dies stellt ein berechtigtes Interesse im Sinne von Art. 6 Abs. 1 lit. f DSGVO dar.

Wenn Ihr Browser Web Fonts nicht unterstützt, wird eine Standardschrift von Ihrem Computer genutzt.

Weitere Informationen zu Google Web Fonts finden Sie unter Frequently Asked Questions | Google Fonts | Google Developers und in der Datenschutzerklärung von Google: https://www.google.com/policies/privacy/."

This is what I ll do.

Jannis · May 1, 2018, 2:19pm

Yeah, I certainly know what you are referring to.

There is definitely not a clear consensus if this is fine, because even before the website user is able to read that (privacy) statement, the IP address is already transferred to Google.

RME · May 1, 2018, 2:20pm

I understand that. what will you do?

Jannis · May 1, 2018, 2:21pm

I am not using Google Fonts.

RME · May 1, 2018, 2:22pm

Do you embed the font with a code in the header (@font-face {)?

Jannis · May 1, 2018, 2:33pm

Either use a web safe font like Helvetica, or integrate your fonts by yourself (e.g. with help of https://google-webfonts-helper.herokuapp.com/fonts) and write your own CSS to style your text.

I don’t see another way, maybe @Norm will add the feature to reference a Google Font Face name for a text bric, but not download it automatically and leave the integration to the web designer.

RME · May 1, 2018, 3:07pm

to embed the font with my own css is not the problem. but blocs integrates the google fonts automatically. How can I prevent this?

aadr · May 1, 2018, 3:12pm

Dear Ralf and Jannis,

Thanks for your replies. We initially thought of amending the privacy statement, but as jannis said, there is a good chance this wont be enough.

If I were to add the fonts manually, am I right to think that I would be able to include the corresponding css files directly in Blocs without having to fiddle around with the exported source in the end?

webdeersign · May 1, 2018, 3:13pm

As @Jannis suggested, something like a new Embed Font Bric would be a good solution with an option inside the Embed Font Bric to disable downloading any Google Fonts might be a workable solution.

The difficulty that I see is the possible support issues that could be created so a good video tutorial would help greatly and use of a fallback font if the user font download and storage goes wrong.

RME · May 1, 2018, 3:19pm

what happen with the fonts files when I put it in the new feature in blocs?

webdeersign · May 1, 2018, 3:31pm

In addition it would be handy if Blocs could store Font Awesome icons locally instead of CDN delivery, to become GDPR compliant on FA icons.

Norm · May 1, 2018, 4:06pm

What was the directory called that you added?

Norm · May 1, 2018, 4:07pm

It already does, the only thing not local is Google fonts.

webdeersign · May 1, 2018, 4:08pm

You should shout about this. Looks like Blocs is leading the way on GDPR compliance.

RME · May 1, 2018, 4:53pm

hi norm, i didn’t add a directory. I added a code in the head section for local fonts. but the css refer to google fonts.

RME · May 1, 2018, 4:55pm

in the EU we ll get a problem with blocs
there is a second point. in a form I can’t add a checkbox that is required. I have to use a checkbox for the agreement to send the data.

Bootsie · May 1, 2018, 5:00pm

Really?
I didn’t know. Checkbox means Captcha?