Problem/Motivation

There is a current court decision which says that traditional integration of Google Fonts is not compliant with data protection. Anyone who uses Google Fonts on a website without the user's consent violates the user's right of privacy. This was decided by the Munich Regional Court → https://openjur.de/u/2384915.html and we have been advised by our data protection expert to take this into account accordingly.

The court pointed out that Google Fonts can be used in general but only by hosting font files locally. Therefore we download all required font styles using https://google-webfonts-helper.herokuapp.com/fonts and embed the font files into our themes without the use of this module. And we disable this module for our customers until further notice.

Proposed resolution

Are there any plans, or is it possible, to save enabled font styles on the server where @font-your-face is installed?

Remaining tasks

I think the court decision could be relevant for other providers too.

Comments

rwam created an issue.

DavidAndersonENCSD

One solution to this problem is to use fonts.bunny.net to serve Google fonts with privacy and GDPR compliance. See: https://fonts.bunny.net/about

rwam

Another solution, which we also suggest to our clients at the moment, is to download a font using google-webfonts-helper, then upload it and set it up as a Custom Font.

JurriaanRoelofs

In DXPR Theme we solved this by caching Google fonts in the public file system:

https://git.drupalcode.org/project/dxpr_theme/-/commit/14205370381c3aed8...

Advantages

  1. Instant fix for the installed base when updating to the next release
  2. No change in Google fonts functionality and workflow for theme users
  3. Compliance is now fully in the client's control. I'm not a lawyer, so I can't judge whether implementing "fonts bunny" can give the same assurance.
  4. Google Fonts only hosts open-source fonts, so no compliance worries there

Disadvantages

  1. Complexity of implementation
  2. The solution fails if the client's public file system is not set up correctly (e.g. permissions problems)

Edit: we wrote a blog post about this issue and why we think it's a critical issue: https://dxpr.com/drupal-blog/google-fonts-privacy-update-dxpr-theme
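
The self-hosting approach discussed in this thread (serve the font files from your own server so visitors' browsers never contact Google) comes down to rewriting the `@font-face` URLs and checking that no Google host is still referenced. The following Python is an added example, not code from DXPR Theme or @font-your-face; the function names, the sample CSS and the `/sites/default/files/fonts/` prefix are assumptions.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Hosts a traditional Google Fonts integration makes the visitor's browser contact.
GOOGLE_FONT_HOSTS = {"fonts.googleapis.com", "fonts.gstatic.com"}
URL_RE = re.compile(r"""url\(\s*['"]?([^'")\s]+)['"]?\s*\)""")
FONT_NAME_RE = re.compile(r"[A-Za-z0-9._-]+\.(woff2?|ttf|otf)")

# Constructed sample: one remote font (placeholder path) and one already-local font.
SAMPLE_CSS = """
@font-face {
  font-family: 'Example Font';
  src: url(https://fonts.gstatic.com/s/examplefont/v1/examplefont-regular.woff2) format('woff2');
}
@font-face {
  font-family: 'Local Icons';
  src: url('/themes/custom/mytheme/fonts/icons.woff2') format('woff2');
}
"""

def localize_font_css(css, local_prefix="/sites/default/files/fonts/"):
    """Point Google-hosted font URLs at local_prefix (assumed public files path).

    Returns (rewritten_css, {remote_url: local_path}); the mapping lists the
    files to fetch once, server-side, at deploy time."""
    downloads = {}

    def swap(match):
        url = match.group(1)
        parts = urlsplit(url)
        if (parts.hostname or "") not in GOOGLE_FONT_HOSTS:
            return match.group(0)  # already local, or some other host
        name = PurePosixPath(parts.path).name
        # Accept only plain font file names so the remote path cannot pick the target.
        if not FONT_NAME_RE.fullmatch(name):
            raise ValueError(f"not a font file, cannot self-host as-is: {url!r}")
        local = local_prefix + name
        if local in downloads.values() and url not in downloads:
            raise ValueError(f"two remote fonts map to {local!r}")
        downloads[url] = local
        return f"url('{local}')"

    return URL_RE.sub(swap, css), downloads

def remaining_remote_refs(text):
    """Google font hosts still referenced in CSS or HTML; empty once self-hosted."""
    return sorted(h for h in GOOGLE_FONT_HOSTS if h in text)
```

A stylesheet that still pulls Google's CSS through `@import url(https://fonts.googleapis.com/...)` raises `ValueError` here, because that reference has to be replaced by the downloaded `@font-face` rules rather than rewritten to a file path.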