GDPR/DSGVO (Germany): Embed fonts locally


#21

This is all a bit of a “storm in a teacup”. The only time you have to be GDPR compliant is if you collect, store or process information that uniquely identifies the site visitor. In the case of Google Fonts, you are not doing any of those things. However, if it can be proven that Google are collecting, storing and processing such information from your website users, it is they who would be in breach of the regulations.

My own lawyers spelt it out to me in words of one syllable - if you don’t collect, store or process such information, you have nothing to worry about. The fact is that the authorities in Europe are not going to bring legal action against the millions of website owners who use Google Fonts in their websites. Furthermore, there are no legal precedents to suggest that such legal actions could be taken.

If you really wanted to be pedantic about this issue, you should have a welcome page on your website that states that:

By using this website you specifically agree that certain information about your browsing habits may, inadvertently, be passed to Google, Facebook, Pinterest, LinkedIn, or the plethora of other third-party websites that we may link to, or who may provide content to make this site work, either now or in the future. Furthermore, we accept no responsibility for any third party tracking codes that may be implanted on your computer by third parties during your endeavour to find this site, including, but not limited to, search engines belonging to Google, Yahoo, MSN, Bing or any others that may appear in the future. All we are saying is that THIS website will not collect, process or distribute to others any information that may personally identify you without your explicit consent. If you do not agree with this, please bugger-off and go somewhere else.

Now, that isn’t rocket science is it?

What you should be concerned about is forms. All you need to do is put an UNCHECKED checkbox on your forms which states that the site visitor agrees to receive a response to their enquiry, or be added to a mailing list or whatever the form relates to. If you do that, you’re covered. Why make the issue a bigger problem than it needs to be?


#22

Hi hendon52,

Turns out Google is shifting all the responsibility to the website owners, https://www.google.com/about/company/user-consent-policy.html,
so I would not expect that one would be able to blame Google in case someone is complaining you are sharing their IP address with Google by embedding fonts etc … I guess it is better to be safe than sorry/have some legal precedent.

… it is not only about the authorities, is it?


#23

No, not a captcha. The client should confirm the data transport with a checkbox.
(I agree with sending my data.)


#24

Hi Ralf,

I think there was a thread a couple of days ago about the checkboxes (a Portuguese guy, if I recall correctly), and Norm was saying that he added this to his to-do list already.


#25

You ALWAYS have to be GDPR compliant.


#26

Yeah I’m working on the checkbox issue. I’m also adding an option to use 3rd parties to process forms such as formspree.

I should hopefully have everything in before the 25th :+1:


#27

Third party is nice to have, but not important to me. There are more important things to do :slight_smile:
Thanks for your very good job. I :heart: Blocs!


#28

Any chance we’ll see a solution in Blocs for the Google fonts before May 25th? I’m dying of stress and boredom discussing GDPR with web clients. They want to hold me personally liable, even if they do something wrong themselves and I suddenly seem to be responsible for crafting their legal text.


#29

I’m hoping as many “standard fare tools” are included as part of Blocs. That way we have the knowledge of the best integration and support without having to spend more dollars on external extra supplies.
Those third party add-on deals can add up fast to be hundreds of dollars. This isn’t for fancy stuff either, it’s just for things we need. Please keep this in mind. Make Blocs excellent.


#30

I’m not sure, I will try but it’ll take some work. IMO if your clients aren’t taking responsibility it’s really simple, they get Helvetica. I.e. don’t use Google Fonts.


#31

That’s what was good and bad about Typekit.


#32

Yeah it’s getting a bit silly. They are suddenly treating web designers like legal consultants and insisting that any legal text we include ticks every box for any feasible eventuality.


#33

Don’t let clients take advantage. If I buy a car from Audi, if I get caught speeding that’s my fault, not Audi’s. You’re building a product and it’s technically their property, you need that in your T&C’s.


#34

What I might do is publish a knowledge base post covering how to switch to local fonts after export.

I honestly think Google will fix this at their end. Otherwise Google Fonts will stop being used??


#35

That’s a very good analogy with the Audi comparison.


#36

How should Google be able to solve that? Already the act of “loading something from another server” isn’t really allowed before you ask the website visitor whether you are allowed to do so.

Looks like we are thrown back into the Stone Age of web design…


#37

Hi Norm, this would be a great fix!

In the medium/long-term, the possibility to add local fonts would be really awesome, also just to decrease the general dependency on Google (and you could advertise to be 100% GDPR-compliant, as someone wrote above :slight_smile: )

Not sure if Google has an interest/any means to fix this. [I generally wonder what’s their motivation to maintain the Google Fonts service in the first place, I don’t see how this would tie in with their general business model/strategy?!]

Keep up with the great work! Blocs rocks!


#38

Not the Stone Age. This will be called the Brussels age of web design and it’s a scary place.


#39

So will Tweet and Facebook Like buttons break this rule? I mean they load content from another domain via an iframe.

CDN and embed content is going to die.


#40

From what I have gathered, yes, they do, in some cases, even by older policies. There has been a German court ruling in 2016 that the Like button may not be used:

Apparently one way around is to include a button that activates the share buttons …