
Data privacy problem - host your Google Fonts locally, or someone will try to fine you (Abmahnung)


What?

In January 2022, a Munich court (Landgericht München) ruled that using Google Fonts the default way, i.e. by getting them from Google's server every time your website is loaded, is not in accordance with the EU's General Data Protection Regulation.

Now some lawyers looking to earn easy money have been sending out "cease and desist" orders combined with 100€ to 170€ fines because of this: https://www-ihk-de.translate.goog/koblenz/unternehmensservice/recht/aktuelles/google-fonts-5575216?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp

 

You can check whether your website is affected by entering its URL here, into the "Google Fonts Checker": https://sicher3.de/google-fonts-checker/

If the result is red, see below for the solution.

 

Solution:

There is a free WordPress plugin called OMGF (Optimize My Google Fonts) programmed by Daan van den Bergh, a Dutch programmer, that will download the Google Fonts to your website, i.e. they will be hosted locally.

Which means that these lawyers can no longer get to you.

  • This plugin has been around a while, before these lawyers turned their attention to this matter.
    Its primary purpose was to reduce the loading time of your website, i.e. to make it faster.
    So while you're at it, you can also measure the loading time before and after using the plugin by entering your URL here: https://speedvitals.com/

 

If you know German, here are the instructions in German, with screenshots: https://www.dirks-computerecke.de/wordpress-co/google-fonts-lokal-einbinden.htm

 

If not, it's really simple.

Go into your WordPress dashboard and there, add the free OMGF plugin:

[Screenshot]

 

In the search field, enter: OMGF
and then click on "Install Now" in the pink OMGF plugin:

[Screenshot]

 

Then activate the OMGF plugin, by clicking on "Activate":

[Screenshot]

 

If you now look into your "Settings" menu on the left, you will find a new entry "Optimize Google Fonts", click on it:

[Screenshot]

 

Then click on the entry "Start optimization" that appears on the right:

[Screenshot]

 

After a few seconds, you will get this success message:

[Screenshot]

 

Confirmation that the problem was solved:

Now check whether you have really solved the problem by again entering your URL into the "Google Fonts Checker".

Either by going there directly: https://sicher3.de/google-fonts-checker/

or via Daan's website: https://daan.dev/docs/omgf-pro-troubleshooting/test-omgf-pro/

If the result is green, you're in the clear.

 

**********************************************************************************

 

Note: you need to repeat this "Optimize Google Fonts" step after every update of your website or of your WordPress plugins, because that update may reset things to the Google Fonts being again downloaded from the Google server!

 

5
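
The check described in the post above, as an added example that is not part of the original post or of the OMGF plugin: a scanner that lists every reference in a page's static HTML that makes a visitor's browser contact Google's font servers, including `rel="preconnect"` hints, which open a connection before any font is fetched. The two sample pages and the `/local-fonts/` path are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

GOOGLE_FONT_HOSTS = {"fonts.googleapis.com", "fonts.gstatic.com"}
# URLs inside CSS: url(...) and @import "..."
CSS_URL = re.compile(r"""url\(\s*['"]?([^'")\s]+)|@import\s+['"]([^'"]+)""", re.I)

class RemoteFontScanner(HTMLParser):
    """Collects URLs in static HTML that make a browser contact Google Fonts."""
    def __init__(self):
        super().__init__()
        self.hits = []  # (where, url) pairs
        self._in_style = False

    def _check(self, where, url):
        # Protocol-relative URLs (//host/path) parse fine; relative URLs have no hostname.
        if urlparse(url.strip()).hostname in GOOGLE_FONT_HOSTS:
            self.hits.append((where, url))

    def _check_css(self, where, css):
        for m in CSS_URL.finditer(css):
            self._check(where, m.group(1) or m.group(2))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self._in_style = tag == "style"
        if tag == "link" and a.get("href"):
            self._check(f"link[rel={a.get('rel')}]", a["href"])
        if a.get("style"):
            self._check_css(f"{tag}[style]", a["style"])

    def handle_endtag(self, tag):
        self._in_style = self._in_style and tag != "style"

    def handle_data(self, data):
        if self._in_style:
            self._check_css("style", data)

def find_google_font_requests(html):
    scanner = RemoteFontScanner()
    scanner.feed(html)
    return scanner.hits

# Constructed sample pages (paths are hypothetical).
BEFORE = """<head><link rel="preconnect" href="https://fonts.gstatic.com">
<link rel="stylesheet" href="//fonts.googleapis.com/css2?family=Roboto">
<style>@import url('https://fonts.googleapis.com/css?family=Lato');</style></head>"""
AFTER = """<head><link rel="stylesheet" href="/local-fonts/roboto.css">
<style>@font-face{font-family:Roboto;src:url(/local-fonts/roboto.woff2)}</style></head>"""
```

This only sees the HTML it is given: fonts pulled in by external stylesheets or injected by JavaScript need those files scanned as well, and the scan has to be rerun after every theme or plugin update.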

23 minutes ago, PandaMunich said:

You can check whether your website is affected by entering its URL here, into the "Google Fonts Checker": https://sicher3.de/google-fonts-checker/

If the result is red, see below for the solution.

Looks like lots of websites are affected. Even toytowngermany shows red.

0

12 hours ago, vivanco said:

Looks like lots of websites are affected. Even toytowngermany shows red.

You typed the Toytown address there? Oh now we're in the baddies database :D

 

0


Hi,

Those cease and desist letters don't need any legal background to be sent.

For example, I can send you a cease and desist letter about parking on a prohibited spot and threaten to go to the police if you don't stop... maybe you never did, that is irrelevant for the scammers, you get all scared by the letter and just pay.

Best advice to anybody receiving those letters is to put them in the bin and forget about the topic.

Good luck!

0


Does this issue not cover just about every website which has just about any advertising on it?

Google analytics for example.

The argument is therefore IP based advertising is prohibited by GDPR.

Isn't that just about every commercial site I can find on the internet?

 

0

1 hour ago, scook17 said:

Does this issue not cover just about every website which has just about any advertising on it?

Google analytics for example.

The argument is therefore IP based advertising is prohibited by GDPR.

Isn't that just about every commercial site I can find on the internet?

Those cases, e.g. Google Analytics, are covered by your cookie policy, i.e. the data only gets collected after the visitor to that website has agreed to that, by saying "yes" on the cookie pop-up window.

 

However, if you now think that you can also just ask for approval for the Google Fonts in your cookie policy, then I'm sorry to say that by then it is too late:

The text that the website visitor will be reading as part of the cookie warning will already be in a Google Font, i.e. the breach of the GDPR happened before that person even has the chance to say "yes" or "no".

So you would need to delay the loading of the Google Fonts from Google's server until after they have agreed (which would mean the font would suddenly change, which may alarm people) and you would need a fallback font to use from the very start that continues to be used in case the person does not agree.

--> easier to just host the Google Fonts locally and not have to ask permission for using them at all.

 

Please also read: 

0


Seems, as a business or NGO, no one can trust such third party scripts/web applets and they should be immediately removed.

 

https://www.theregister.com/2022/10/20/health_group_says_tracking_pixel/

https://themarkup.org/pixel-hunt/2022/04/28/applied-for-student-aid-online-facebook-saw-you

 

In summary dumb web admins installing code for analytics which 'also' sent the content of submitted forms with sensitive user data in it!

 

I recently installed a 'GL-AXT1800', which is a plug-in router that runs 'AdGuard Home Block', which I got from Amazon. It's similar to another technology called 'Pi-Hole'. Useful for the devices where Google/Apple block the installation of ad blockers. Not perfect, but it can be used to filter out annoying social media buttons (trackers) for every device in the home/office.

 

Another tip would be to configure 'private DNS' for Android to point to dns.adguard.com web servers. Understand you trade one spy for another. Technologies which are local like 'Pi-Hole' are much more private. Solutions like AdGuard and uBlock Origin are just easy to set up, but being a service which is not local, still leaks data.

0


I got one of these letters, as did one of my customers (a multi-billion $ global corporation).

 

I've taken my website down for now. As scook says, it's not just Google fonts which is a potential problem, any code calling a script or any other element from an outside source could theoretically be claimed by these scumbags to be a breach of privacy.

 

As far as I can tell, so far there has been a single case of this going to court and being ruled in favour of the claimant:
3 O 17493/20

The claimant was awarded €100 damages (for pain and suffering :D) and the defendant also had to pay €90 costs. Seeing as there have been thousands of these letters sent out, and the data collection was very clearly done using a webcrawler script, it would be very easy to make a case against the claimant, Hr. Ismail, actually having endured any pain and suffering himself.

 

Lots of lawyers are trying to make a quick Euro by offering their services to "fight" the claim. That's just another side of the same scam imo.
This lawyer talks sense on the subject:
Max Greger

 

I'll be ignoring it for sure, at least until they actually make the effort to take me to court (which I'm 99.99% sure they won't).

0

