When loading web pages, connections to Google servers are often established, because Google Fonts was used via a Google code. This results in personal data such as the IP address and other information of users being passed on to Google. For this reason, using Google Fonts without consent is not legally compliant, as sharing personal data without users' consent has been illegal since 2018.
How you can find out if you are using fonts or files from Google on your website, how you can perform a so-called DSGVO Check Google Fonts and what happens in case of warnings, we explain in the following article.
How can I find out if my website uses Google Fonts?
You can find out if your website uses Google Fonts by opening the browser's developer console via right-click and "Examine" or pressing "Ctrl" + "Shift" + "J". In the "Sources" or "Source Code" tab, you can now see what data is loaded to the web page.
You can see whether Google Fonts was used on the respective website under "Sources" (or "Source Code") by the server names "fonts.googleapis.com" and "fonts.gstatic.com". Alternatively, you can also look for "Google" or "Gstatic".
What is a Google Fonts Check?
A Google Fonts Check checks whether the fonts of the corresponding web page are loaded via a Google server. This happens whenever you do not store fonts on your server. To avoid warnings, you should perform such a test.
You can either perform this test yourself via the developer console, as mentioned above, or have it performed by a Google Fonts Checker. In the meantime, there are also plug-ins from WordPress that relieve you of the local storage of Google Fonts or that allow you to deactivate the integration of Google Fonts in order to prevent an unknowing disclosure of personal data.
Are there any DSGVO checkers for Google Fonts?
Yes, there is DSGVO Checker for Google Fonts. This is an online scanner that checks the legally compliant integration of fonts on websites. Some checkers also perform multiple checks to detect other servers such as Google Analytics or Google Tag Manager.
In case of the illegal integration, the checker will provide you with information in the form of a detailed report about further trade options to make your entire website compliant with the GDPR and escape a warning or penalty.
Note: Please make sure that the checker also searches the subpages of your website. Some checkers are set to check only the single page of the entered URL and not the data of the whole website.
Why do you need to check your website for Google Fonts?
You have to check your website for Google Fonts, because the ruling of the Munich Regional Court from January 2022 states that the integration of Google Fonts without the consent of the user is illegal, as this is against the Data Protection Act. Violations may result in penalties and warnings.
However, you can avoid this by embedding Google Fonts on your website in a DSGVO-compliant manner. To do this, you must first download the desired font and save it locally on your server. Now you can proceed with the integration of the font.
Now, when people click on your website, the fonts will be loaded from your server and not from Google servers. Thus, you can be sure that no personal data or information of users will be shared with Google.
What is the problem with Google Fonts?
The problem with improper integration of Google Fonts is that when users visit the respective website, their personal data is automatically passed on to Google. Google is based in the USA, which is why the data is forwarded directly to the USA.
As soon as users no longer have control over the extent to which their data and information is processed, the basic data protection right to informational self-determination is violated.
You are responsible for protecting personal data. If you do not do this, you must expect warnings. Google's Google Fonts service is free, but it violates all rules, laws and regulations.
What happens in case of Google Fonts violations?
If you integrate fonts such as Google Fonts via the Google Code on your website, you must expect a warning or even penalties, as you are thereby allowing personal data of users to be passed on to Google. You can be reported not only by law firms or companies, but also by private individuals if they find Google Fonts on websites.
These individuals eventually claim damages based on the unknowing disclosure of your IP address and the lack of consent to share your data and information. If the accusation is justified, i.e. the GDPR is violated and personal rights are infringed, you will have to pay.
Would you like to have your website checked for Google Fonts?
If you would like to have your website checked for Google Fonts, we recommend that you have this done by our decareto DSGVO checker. With our data protection audit, a quick check of your website is performed and also takes into account all subpages.
Our checker is cloud-based, which means you don't need to download any software and can get started right away - you can even test our checker for free. Security and customer protection are close to our hearts, which is why your data is stored on servers in Germany. If you decide not to use our service after the 14-day trial period, your data will of course be deleted.
Following the checker scan, you will of course receive a detailed report that records the results of the audit. If this audit reveals that the integration of Google Fonts on the website has indeed taken place or that the DSGVO has been violated in any other way, we will help you to solve this problem as quickly as possible.
If you would like more information on the subject of the DSGVO Check Google Fonts, on our data protection checker or if you have any other questions, please feel free to contact us by phone or send us an email.
Author: Eckhard Schneider