Court rules against embedded fonts
In a recent ruling from a German Court in Munich, a website owner was ordered to pay �100 fine for the use of embedded fonts. The court ruled that the use of Google's embedded font service was in violation of the General Data Protection Regulation (GDPR). The court ruled that the plaintiff's IP address was transferred without consent via the Google Fonts library. The ruling read as follows:
Dynamic IP addresses represent personal data for the operator of a website because, in the abstract, he has the legal means that could reasonably be used to, with the help of third parties, namely the competent authority and the Internet access provider, identify the person concerned based on the stored IP – to have addresses determined
What is the Google Font Library
The Google Font Library is a collection of online fonts that can be used when publishing a website. Since the font library is hosted online, this allows a website to use fonts from the online library and ensure they are presented to the visitor properly, even if the visitor doesn't have the particular font on their local computer. The font is retrieved from the online library and the website is viewed by the visitor just as it was intended when designed. This can be extra important to a major company or entity who may have a brand image to present and wants to ensure it represented in a consistent way for all visitors.
Google Font Library isn't the only service out there, others such as Font Awesome and Adobe Fonts are popular options. Outside of the obvious cosmetic benefits of leveraging such services, these services are hosted on incredibly powerful distributed networks, provided in many cases for free. It could easily be argued that these services (among others) have done much to build the modern web we are familiar with and shaped the way it looks. Access to these tools and services has given web developers and everyday personal website owners the ability to create eye catching designs, available to everyone.
The Suggestions
As a response to the court's ruling, I saw numerous posts suggesting appropriate fixes. These included either building your website to rely soley only the client's built-in fonts or hosting fonts locally. The first solution I strike immediately, for any company wishing to enforce their brand identity, relying on clients to have your suggested fonts and design elements on their local computer isn't an option. The second option is for web developers to build websites that host these resources locally, thus not redirecting client traffic to a 3rd party. For professionally developed and managed websites, this is a straight forward solution. Full disclosure, this is the option I've selected on this website for compliance sake.
The Problem
The internet is filled with countless personal websites, blogs, dancing penguins and other websites that are not created by professionals. That is what makes the internet such a great place, it has given everyone the opportunity to make their own digital footprint. These people are not and can not be expected to understand the complex web of policies defined by the GDPR. The GDPR is currently composed of 14 "key issues" sorted by topic/keyword which are explained in legalize in 11 chapters and 99 articles. Even for a professional, understanding this tapestry of changing regulations is a full time job and one only a legal team can ultimately understand.
I fear in an effort to "protect" ourselves we are ultimately restricting our own access to resources and opinions. As more court rulings fine the owners of websites, the publishers of personal websites and blogs will begin to disappear out of fear of compliance. They may do this by restricting access to geographic regions with friendlier regulations or not publishing at all. In an effort to regulate privacy are we actually supressing free thinking?