In recent weeks and months, warnings to website operators about the use of Google Fonts have repeatedly made headlines. In this post, we explain what's behind them and how to protect yourself from a Google Fonts GDPR warning.
But first, from the beginning: What are Google Fonts?
Google Fonts are web fonts, that is, fonts that can be integrated into websites and platforms. Unlike the fonts you might know from Word, they are not saved directly on your PC but are made available via external servers run by the respective providers.
So far so good. But what is so problematic about that, you may ask?
In recent weeks and months, website operators have repeatedly received warnings, for example through complaints from private individuals. The reason: A violation of the General Data Protection Regulation, or GDPR for short.
These warnings ask the website operator to pay compensation of 100 euros. If they do not comply with the warnings, a fine of 250,000 euros will be due.
The background: If a visitor arrives at a website that uses Google Fonts, the visitor's IP address may be automatically forwarded to the servers of the web font provider, in this case Google itself.
Since IP addresses are personal data, this data must not be forwarded to external servers without the visitor's consent. Doing so results in a data breach.
So what can you do to avoid such warnings?
Step 1: Check your website for Google Fonts
If your website uses web fonts, you should check whether the IP address or other data of your visitors is forwarded. This can usually be viewed via the source code. Alternatively, you can contact the creator of your website or — if available — the data protection officer.
For a quick preliminary check, there are free tools to identify data protection deficiencies.
Step 2: Integrate Google Fonts locally
If you have integrated web fonts on your website, you should ensure that no data is automatically forwarded to external servers. One solution to this is to simply store the web fonts locally on your own server so that your visitors' data can only be forwarded within your network.
With this approach, you use Google Fonts only statically, which means that no connection to Google servers is established. This is currently the most sensible option in terms of data protection.
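The source-code check from Step 1, applied to a page before and after the local integration from Step 2, as an added example that is not part of the original post. The names `scan` and `FontScanner` are hypothetical, both sample pages are constructed, and `fonts.googleapis.com` and `fonts.gstatic.com` are the hosts Google Fonts is served from.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts that serve Google Fonts stylesheets (googleapis) and font files (gstatic).
GOOGLE_FONT_HOSTS = {"fonts.googleapis.com", "fonts.gstatic.com"}
# URLs inside CSS: url(...) and bare @import "..."; @import url(...) hits the first branch.
CSS_URL = re.compile(r"""(?:url\(\s*|@import\s+(?!url\())['"]?([^'")\s;]+)""", re.I)

def is_google_fonts(url):
    # Relative (self-hosted) paths have no hostname, so they never match.
    return urlparse(url).hostname in GOOGLE_FONT_HOSTS

class FontScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []   # (location in the markup, offending URL)
        self._style = None   # buffer for the text of the current <style> element

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self._style = [] if tag == "style" else None  # start buffering inside <style>
        for name in ("href", "src"):
            if attrs.get(name) and is_google_fonts(attrs[name]):
                self.findings.append((f"<{tag} {name}>", attrs[name]))
        self._scan_css(attrs.get("style") or "", f"<{tag} style>")

    def handle_data(self, data):
        if self._style is not None:
            self._style.append(data)

    def handle_endtag(self, tag):
        if tag == "style" and self._style is not None:
            self._scan_css("".join(self._style), "<style>")
            self._style = None

    def _scan_css(self, css, where):
        self.findings += [(where, u) for u in CSS_URL.findall(css) if is_google_fonts(u)]

def scan(html):
    """Return every reference in the given HTML that would contact a Google Fonts host."""
    scanner = FontScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample pages: fonts loaded from Google vs. the same font self-hosted.
REMOTE = '''<link rel="preconnect" href="https://fonts.gstatic.com">
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Roboto">
<style>@import url("//fonts.googleapis.com/css?family=Lato");</style>'''
LOCAL = '<style>@font-face { font-family: "Roboto"; src: url("/fonts/roboto.woff2"); }</style>'
```

`scan(REMOTE)` reports three references and `scan(LOCAL)` reports none. The scan covers only the markup it is given, so stylesheets linked from the page and fonts injected by scripts at runtime still need a separate look, for example in the browser's network tab.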
Instructions: How do I remove Google Fonts from Webflow (Coming soon)