Google Fonts is a quick way of loading custom fonts on our websites. However, the service isn’t GDPR compliant, and a company in Germany has been fined for using the font hosting service. Google Fonts has collected free-to-use fonts from across the internet and hosts them on its servers. This is a quick and easy way for web designers/developers to add custom fonts to a website. Unsurprisingly for a free product from Google, though, it harvests the IP addresses of visitors to sites that use the hosted fonts.
The GDPR fine was only €100 but the company was threatened with a much larger fine if they didn’t stop using Google Fonts and indirectly providing Google with IP addresses of its customers. Luckily it’s fairly straightforward to avoid the whole issue.
Does your website use Google Fonts?
How can you tell if your website uses Google Fonts? One way is to right-click a page of your website in a web browser, choose ‘view source’, and look for link tags that point to Google’s servers. If you see code similar to this in the ‘head’ area of your website code, then you’ve got Google Fonts loading from Google’s servers.
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Mulish&display=swap" rel="stylesheet">
If you’re using WordPress there are also plugins that add Google Fonts to your site – these might be added by a page builder plugin too.
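To run the same check over saved pages instead of reading the source by eye, here is a Python script added as an example (it is not code from the original article). It reports every reference to the two Google Fonts hosts shown in the snippet above, including protocol-relative URLs and @import rules inside style blocks. The function names and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The two Google-hosted font domains that appear in the snippet above.
GOOGLE_FONT_HOSTS = {"fonts.googleapis.com", "fonts.gstatic.com"}
# Absolute or protocol-relative URLs inside CSS text (@import, url(...)).
CSS_URL = re.compile(r"""(?:https?:)?//[^\s"'()]+""", re.I)

def is_google_fonts(url):
    try:  # compare the parsed host exactly, so look-alike domains do not match
        return urlsplit(url.strip()).hostname in GOOGLE_FONT_HOSTS
    except ValueError:  # malformed URL, cannot be a match
        return False

class FontScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, where found, url)
        self.in_style = False

    def handle_starttag(self, tag, attrs):
        self.in_style = tag == "style"
        for name, value in attrs:
            if name in ("href", "src") and value and is_google_fonts(value):
                self.findings.append((self.getpos()[0], f"<{tag} {name}>", value))

    def handle_endtag(self, tag):
        self.in_style = False

    def handle_data(self, data):
        if self.in_style:  # CSS text: check @import and url(...) targets
            for url in filter(is_google_fonts, CSS_URL.findall(data)):
                self.findings.append((self.getpos()[0], "<style> block", url))

def find_google_fonts(html):
    scanner = FontScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page: two remote references, one self-hosted stylesheet.
SAMPLE = """<link href="//Fonts.GoogleAPIs.com/css2?family=Mulish&display=swap" rel="stylesheet">
<link href="/fonts/mulish.css" rel="stylesheet">
<style>@import url("https://fonts.googleapis.com/css2?family=Mulish:wght@400;700");</style>"""

if __name__ == "__main__":
    print(*find_google_fonts(SAMPLE), sep="\n")
```

An empty result for a page means no reference to those two hosts was found in its HTML; fonts injected later by JavaScript or pulled in by an external stylesheet are not covered by this static check.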
How to make Google Fonts GDPR Compliant
Solution 1: Load the fonts from your website
Download the fonts from the Google Fonts website and upload the files to your website. The free “Webfont helper tool” website can make this easier for you. It allows you to search for a Google font, choose the weights and browser support required and then download the font files and CSS code needed to run the fonts from your own server, instead of Google’s. No more GDPR problems!
Solution 2: Use an alternative font hosting service
While this isn’t strictly a way to make Google Fonts GDPR compliant, it’s a good way to use the same (or similar) free fonts without allowing Google to harvest website visitors’ IP addresses.
Bunny Fonts works in a very similar way to Google Fonts, but is completely anonymous according to their FAQ page. Changing the header code in your website to use Bunny Fonts instead of Google Fonts is quick and easy and solves the GDPR issue.
WordPress 6.2 Default Themes
It’s good to see that the default themes in WordPress 6.2 locally host Google Fonts to avoid GDPR issues:
“Twenty Twelve to Twenty Seventeen now includes font files in the theme folder instead of loading fonts from a remote source (Google Fonts). This update ensures that the themes follow current recommendations for fonts from a privacy perspective.”
More info about WordPress 6.2 and fonts at https://make.wordpress.org/core/2023/03/09/wordpress-6-2-field-guide/
If you don’t fancy doing this on your own website we can help with either loading the Google Fonts from your own website, or switching to Bunny Fonts.
Google Fonts aren’t GDPR compliant and people have been fined for using them. We’ve shown you how to find out if your site uses Google Fonts and how to replace them with GDPR compliant fonts running from your own site or by using a similar font hosting service. Drop us a line if you need help!