Earlier this month, a German court fined a corporate website for leaking visitors' IP addresses via Google Fonts.
The city courthouse of Munich decided that the website using Google Fonts had passed the user’s IP address to Google. It happened without authorization and without a legitimate reason for doing so. As a result, it violated Europe’s General Data Protection Regulation (GDPR).
Improper use of Google Fonts can ruin your business.
According to § 823 Para. 1 BGB, this case violates the right of the individual to disclose and determine the use of their personal data.
This rule suggests that the website needs to stop providing IP addresses to Google.
The EU GDPR sets a maximum fine of €20 million (about £18 million) or 4% of annual global turnover of any established company for infringements, whichever is greater.
One of the best ways to prevent GDPR fines is to use a service that checks websites for GDPR violations and provides a professional team that knows how to fix these issues. A company I co-founded provides such services. We are a group of privacy practitioners and software professionals that knows how to fix GDPR violations.
GDPR violation happens in the following case:
The violation is in step 3. Internet browsers disclose users' IP addresses to the US Internet giant. This kind of hot-linking is normal with Google Fonts. The issue here is that the visitor is not giving his explicit permission to share the IP address.
The decision states that Google can theoretically identify the person associated with the IP address. As a result, IP addresses represent personal data. It’s irrelevant whether Google has actually done so.
Knowing that Google Fonts are widely deployed and Google Fonts API is used by about 50 million websites it is important to comply with the best privacy practices. GDPR has extraterritorial scope. Basically, any website can face GDPR violation problems. That means, if you are running a business in New York and your visitors are from Europe, you can break GDPR laws. This GDPR violation exists when using different services and not only Google Fonts.
Instead of relying on fonts hosted by Google Fonts, you will need to host the font files on your website.
You can use the Google Fonts website to download the required fonts files and upload the files to the ‘/fonts’ directory of your website. After that, you will need to modify your website’s HTML files to use the correct font URLs. To do this, you need to know a little HTML kung-fu.
Our team can fix your website’s HTML code and provide world-class service. You can reach them at email@example.com.
https://privacybunker.io/ provides the service that scans websites for GDPR violations. The company monitors changes in GDPR rules and GDPR infringement cases on a daily basis. We do not share your report with any 3rt parties or authorities.
Privacybunker offers a daily check that includes:
It allows your business to always stay compliant.
During the promotional period website GDPR reports are provided for free.
Once your website report is ready and if no violations are found, you can display a special GDPR compliance badge on your website. This badge will improve your website conversion rate. You will get a simple code to display a badge on demand.
If the scanner detects any GDPR violation, you are welcome to contact Privacybunker’s support team. They will gladly help you to fix your website. You can reach them at firstname.lastname@example.org.
The service provides an API that generates a GDPR badge with the date of the last successful check.
For urgent questions, you are welcome to schedule a call with me: