GDPR/DSGVO (Germany): Embed fonts locally


#1

Hi,

There have been some discussions about the GDPR on here already. It turns out that embedding of Google fonts from external severs probably wont not comply with this new policy – since it is expected (at least in germany) that lawyers are already sharpening their pencils to submit cease-and-desist letters, we would really like our beautiful Blocs-build websites to comply with the GDPR.

Would it hence be possible to embed local fonts (i.e. previously downloaded from Google and hosted locally)? It would be really great if you could add this feature, probably a lot of the European Blocs users would appreciate this, as well!

We are very happy that most of the frameworks Bloc is using are already local, Google fonts seem to be the missing piece :slight_smile:

Many thanks and with best regards!


#2

Hey Uwe, for germany, you can use https://www.e-recht24.de/muster-datenschutzerklaerung.html
the google web fonts are integrated into the privacy statement.

however, the possibility would be great.


#3

You first have to ask for the users permission to load fonts from Google CDN servers.


#4

This is the data protection text in german:

"Google Web Fonts
Diese Seite nutzt zur einheitlichen Darstellung von Schriftarten so genannte Web Fonts, die von Google bereitgestellt werden. Beim Aufruf einer Seite lädt Ihr Browser die benötigten Web Fonts in ihren Browsercache, um Texte und Schriftarten korrekt anzuzeigen.

Zu diesem Zweck muss der von Ihnen verwendete Browser Verbindung zu den Servern von Google aufnehmen. Hierdurch erlangt Google Kenntnis darüber, dass über Ihre IP-Adresse unsere Website aufgerufen wurde. Die Nutzung von Google Web Fonts erfolgt im Interesse einer einheitlichen und ansprechenden Darstellung unserer Online-Angebote. Dies stellt ein berechtigtes Interesse im Sinne von Art. 6 Abs. 1 lit. f DSGVO dar.

Wenn Ihr Browser Web Fonts nicht unterstützt, wird eine Standardschrift von Ihrem Computer genutzt.

Weitere Informationen zu Google Web Fonts finden Sie unter https://developers.google.com/fonts/faq und in der Datenschutzerklärung von Google: https://www.google.com/policies/privacy/."

This is what I ll do.


#5

Yeah, I certainly know what you are referring to.

There is definitely not a clear consensus if this is fine, because even before the website user is able to read that (privacy) statement, the IP address is already transferred to Google.


#6

I understand that. what will you do?


#7

I am not using Google Fonts.


#8

Do you embed the font with a code in the header (@font-face {)?


#9

Either use a web safe font like Helvetica, or integrate your fonts by yourself (e.g. with help of https://google-webfonts-helper.herokuapp.com/fonts) and write your own CSS to style your text.

I don’t see another way, maybe @Norm will add the feature to reference a Google Font Face name for a text bric, but not download it automatically and leave the integration to the web designer.


#10

to embed the font with my own css is not the problem. but blocs integrates the google fonts automatically. How can I prevent this?


#11

Dear Ralf and Jannis,

Thanks for your replies. We initially thought of amending the privacy statement, but as jannis said, there is a good chance this wont be enough.

If I were to add the fonts manually, am I right to think that I would be able to include the corresponding css files directly in Blocs without having to fiddle around with the exported source in the end?


#12

As @InStacks suggested, something like a new Embed Font Bric would be a good solution with an option inside the Embed Font Bric to disable downloading any Google Fonts might be a workable solution.

The difficulty that I see is the possible support issues that could be created so a good video tutorial would help greatly and use of a fallback font if the user font download and storage goes wrong.


#13

what happen with the fonts files when I put it in the new feature in blocs?


#14

In addition it would be handy if Blocs could store Font Awesome icons locally instead of CDN delivery, to become GDPR compliant on FA icons.


#15

What was the directory called that you added?


#16

It already does, the only thing not local is Google fonts.


#17

You should shout about this. Looks like Blocs is leading the way on GDPR compliance.


#18

hi norm, i didn’t add a directory. I added a code in the head section for local fonts. but the css refer to google fonts.


#19

in the EU we ll get a problem with blocs :frowning:
there is a second point. in a form I can’t add a checkbox that is required. I have to use a checkbox for the agreement to send the data.


#20

Really?
I didn’t know. Checkbox means Captcha?