In Austria, website owners and operators are currently a target of a wave of lawsuits. The reason is a possible violation of the General Data Protection Regulation (GDPR), if you are using Google Fonts – or rather if you use Google Fonts “incorrect”. This leads back to a court ruling in Munich (LG München I, Endurteil v. 20.01.2022 – 3 O 17493/20), which, however, has no validity in Austria according to the current status.
Lawsuits due to Google Fonts?
In July, there were the first reports of a lawsuit wave in Austria due to Google Fonts. Many companies received letters, where they were asked to pay 190 euros. Likewise, the letter is accompanied by a GDPR notice. The lawyer states that his client, Ms. Eva Z. has suffered immaterial damage by visiting the website and by knowing that Google Fonts are embedded and thus her IP address is transmitted to the USA. In doing so, he refers to the ruling from Munich, Germany, which is not yet valid in this country due to a pending decision by a court in Austria.
This is (in Germany), according to this ruling, the “dynamic use” of Google Fonts violates the EU GDPR because the IP address could be transmitted to the USA.
One would like to think: “Well, this is a valid problem after all, it must not be.” – and yes – in principle I agree with that. But in this case, for me it looks like this is a fully automated analysis and lawsuit.
Let’s be honest: I would claim 90% of websites use Google Fonts in some way (and are they just integrations of social media feeds). Here, however, it is important to distinguish whether these are dynamically integrated via “fonts.google.com” or locally via your own web server. The latter does not represent a violation of the GDPR.
However, if you read the posts on reddit as well as the comments of a lawyer, you will quickly realize that it is not possible to find out within seconds (the dwell time of the plaintiff on the websites) whether there is an offense here. So technically, it’s hard to do manually. But I leave it to my readers to interpret the comments and opinions from the community.
Fun Fact: Google does not store any IP Addresses based on the Google Fonts FAQ Page: “IP addresses are not logged.“
Technical Solution to remove Google Fonts
First of all, make sure you are really using Google Fonts on your website. You can easily validate this by using online tools like Google-Fonts-Checker | SICHER3 or Google Fonts Checker (54gradsoftware.de)
Additionally, I strongly recommend changing from “dynamic” include to local usage of Google Fonts. You can easily fix this in WordPress by using the Plugin called OMGF | GDPR Compliant, Faster Google Fonts. Easy.
A detailed overview in german is available at techniknews.net.
Support for affected persons
Are you affected by the lawsuit wave in Austria? Then you can get help online at “abmahnung.wtf“. Also, a few prominent lawyers and law firms have already spoken out. On the part of companies, there is support from the Chamber of Commerce. I advise private individuals who received the lawsuit to contact their own legal protection insurance, if possible. I recommend you comply with the enclosed letter of the GDPR “Right to be informed, Art. 15″. This is also recommended by the Austrian data protection authority in a recent statement. You should handle this separate from the lawsuit and make sure you do not miss the 30-day due date.
Based on the current information in the Austrian media, there are different opinions. “Attorney Lukas Feiler of Baker McKenzie, whom DER STANDARD interviewed on the matter, sees the situation less dramatically: “No damage results for the affected party from the transmission of an IP address to Google. The claim for damages is therefore unjustified. “ (Source: derStandard.at)
Of course, as there is always a second option: just pay the €190.- and you are fine 🙂
Below I have summarized further links and I will update this article again as soon as there is news in this case. You will find more articles about this topic soon in the Off-Topic area of my website.