This information is included in the report of the Google Fonts Checker - No registration necessary, results are displayed directly!
If you have run our free Google Fonts Checker / Google Fonts Test for your website, you will get a detailed listing of which files and fonts from Google you embed on your site. The Google Fonts Checker Report from CCM19® contains the following information:
- Listing of Google Fonts used on your site that can lead to warnings.
- Listing of files (CSS / JS) that integrate these Google Fonts and may also lead to warnings.
- Specific help on how you can integrate the fonts locally and solve the problem with it.
- Links to plugins you can use to embed the fonts locally.
- More information about critical embeddings that are subject to the same problem and may lead to further warnings later on.
If you have any questions about the report of our Google Fonts Check, just ask us for a short assessment without obligation. Here you can see a small excerpt from the report.
All statements on legal topics on these pages and in the report are of course no legal advice, but our opinion on these topics. For legal advice, please contact a lawyer you trust.
- This information is included in the report of the Google Fonts Checker - No registration necessary, results are displayed directly!
- What is a Google Fonts Checker / Google Fonts Scanner / Google Fonts Test?
- Do you use Google Fonts on your website? Find out - with the Google Fonts Check from CCM19
- Can Google Fonts be blocked by Consent Banner?
- Why do you need the Google Fonts Checker?
- How expensive can privacy violations with Google Fonts become?
- Why use the Google Fonts Checker from CCM19?
- How does the Google Fonts Checker work?
- Who currently needs the Google Fonts Checker?
- How do I know if I am using Google Fonts?
- Google Fonts warning / payment request - what to do?
- "Google Fonts" - what is that?
- How are Google Fonts integrated?
- Google Fonts - Data protection background / DSGVO - Google Fonts Checker
- Are Google Fonts DSGVO compliant?
- What exactly did the Munich Regional Court decide on the subject of Google Fonts?
- Here is the solution - Google Fonts on your own server
- How do you get the files onto your site?
- Embed Google Fonts in your website
- Local integration via plugin for CMS / Shop systems
What is a Google Fonts Checker / Google Fonts Scanner / Google Fonts Test?
A Google Font Checker is a software that calls your website or your online store via a headless Chrome and finds out in this way whether you load fonts from a Google server and you are therefore subject to a warning risk.
With the help of intelligent algorithms all files and links are examined. Only the data and links are output in the report, which carry out integrations of web pages of Google. In this way, the Google Fonts Checker reliably filters out all font embeddings.
Do you use Google Fonts on your website? Find out - with the Google Fonts Check from CCM19
Google offers a great service with the free Google Fon ts, with which you can use outstanding fonts for your website free of charge. Unfortunately, the system has a catch - data is transferred to the USA.
Background: Every time you call up a file / page on the Internet, at least your current IP address is always transmitted. This is absolutely necessary for technical reasons - without this principle the internet would not work. However, the transfer of this data to the USA is currently unfortunately very problematic for various legal reasons.
The transferred IP address is a personal data in the sense of § 12 para. 1 and 2 TMG - this is quite new, but since recently valid for all website operators. In addition, Art. 4 No. 1 of the DSGVO comes into play here.
On this basis, the Regional Court of Munich has ruled (LG München, Urteil v. 20.01.2022, Az. 3 O 17493/20): Anyone who uses Google Fonts on a website without the consent of the users violates their personal rights. And that can be expensive!
The scan of your website is of course free of charge and if you have any questions about your Google Fonts report, you are always welcome to contact us.
Can Google Fonts be blocked by Consent Banner?
Unfortunately, this is not technically possible. Modern browsers download various resources they encounter during loading in parallel before they are even executed or used. This means that e.g. font files from Google are loaded in parallel with the script of a Consent banner, i.e. long before the Consent script can be executed.
The only possibility is to load the font files after a Consent via the Consent banner, but this has the glaring disadvantage that many visitors will then see the wrong fonts if they do not agree to the use of the fonts. In this case, local playout, as described below, is the only sensible and reliable way.
Why do you need the Google Fonts Checker?
You need a Google Fon ts Checker to find out if your website or online store uses fonts from Google AND loads these files from Google pages. The Google Fon ts Checker shows you if exactly this happens. If you force your visitors to transfer IP and other data of your website visitors to Google this way, it can lead to bigger legal problems.
How expensive can privacy violations with Google Fonts become?
The Google Fonts themselves are free of charge, of course, which is how Google offers these fonts. The fonts from the Google Fonts catalog are released under different licenses, however, each license gives you the ability to use them on any website, both business and personal. You can find more information in the Google FAQ: https://developers.google.com/fonts/faq
However, various cost notes are currently circulating, which are sent to companies and website operators. These involve payments of 100 EUR or more, if a lawyer has also been called in. Even if these demands are probably not really legally tenable (that seems to be the published opinion at the moment), there are still costs involved. Use our free Google Fonts Check to find out if you have a problem there.
Alone the processing time that arises to handle the letter, possibly legal advice, etc., all these are costs that you should save yourself. You may be able to recover the costs in EUR, but no one can pay you back for the time.
Why use the Google Fonts Checker from CCM19?
The Google Fonts Checker from CCM19 does not only show you if you use Google Fonts on your website, but also:
- Which fonts these are exactly
- Which URLs are used to integrate them
- Where exactly you can find a download for these fonts
- And there are detailed hints on how to integrate them
- In addition, other typical warning and DSGVO RIsiken with tested.
How does the Google Fonts Checker work?
Technically, the process is not really complex. The basis for the processing is a headless Chrome, which we run on a special server in our clusters. Now, when you enter your domain at the top of the query form, the following happens:
- Your domain is checked for sense and formal correctness.
- The request script passes the domain to the crawling server in the background.
- The crawling server starts a Headless Chrome instance in the background, calls the page in Headless Chrome and waits a few seconds until all scripts and files are loaded.
- Afterwards all data from the call of the Headless Chrome are queried by script, processed and temporarily stored in a database (5 minutes, then the entry expires). Here you will also find all loaded resources like the calls of Google Fonts files from the Google server.
- The data is returned to the waiting form and prepared there
- There is an output of the prepared data.
Used technologies are PHP, JS, HTML, MySQL, Linux Server, Headless Chrome.
Who currently needs the Google Fonts Checker?
According to Builtwith, there are currently 2.5 million website operators in Germany alone who use the Google Fonts API and embed Google Fonts directly. Many large providers are affected as well as very many small providers. If you want to be sure - use the CCM19 Google Fonts Checker!
Regarding the demand and warning letters, it is probably the smaller providers that will be contacted here, because less resistance is expected here.
How do I know if I am using Google Fonts?
There are several ways to find out if you are using Google Fonts on your website. In principle, it is not important whether you use them, but how you use them. The integration is what matters. If you have always used Google Fonts locally and have not fetched the data from Google servers, then you are fine for the time being and can put the topic on file.
To find out now if you are loading them directly from Google, you can either use our Google Fonts Checker (spoiler: this is the easiest way) - or open your website in your browser, right-click on your page in the browser and click "Examine" in the menu that pops up. Next, perform the following.
- Click on the tab "Sources" or in German "Quellcode".
- Look in the window on the left if it says fonts.googleapis.com.
- Check if fonts.gstatic.com appears there.
If both entries are visible, your site loads the fonts directly from the Google server, then there is an acute need for action.
Google Fonts warning / payment request - what to do?
If you have now been caught before you could change anything, it will be time-consuming, no matter how you turn it around. In any case, you should use our Google Fonts Checker in the first step to find out whether this is true at all. If you currently read through the published opinion of various specialist lawyers on this topic, you will not yet find a unified opinion. Some parties are of the opinion that one should simply pay (and of course remove the cause), so that the issue is as quickly as possible off the table. Others are of the opinion that no damage can have occurred at all, or that the transfer of the data to Google was even deliberately triggered in order to implement the letter.
There are no other direct rulings on this topic, but others, such as the preliminary ruling on Cookiebot, suggest the same direction. How and whether there will be further judgments is, from our point of view, open.
If you have received a letter, take a deep breath and then entrust it to a specialist lawyer who can deal with this issue. Either way, costs will be incurred. Of course, you can also sit out the letter and simply ignore it, but we do not recommend that.
"Google Fonts" - what is that?
Google has been providing free fonts (English for fonts) to anyone interested and thus to every website operator since 2010. You can integrate them free of charge into your own website and thus also use them for your own layout.
This solved a common problem that used to exist with websites: If a website was designed with a font that was not available on every computer, it either had to be downloaded separately or purchased at a high price.
By providing free access, Google has made it possible for many website operators to use modern and elegant fonts for their own site without incurring horrendous costs due to font licensing fees.
Because Google also offered these fonts directly for download and integration via a CDN, many operators could do without hosting these fonts themselves. Find out if this is the case for you with our Google Fonts Checker. At that time, this method even contributed to a better loading time. However, modern browsers work differently, so this advantage is now irrelevant and in many cases even counterproductive.
How are Google Fonts integrated?
Basically, there are two ways to use Google Fonts. The first way is via your own website. In this case, the fonts are downloaded from Google Fonts and stored locally on your own server. There is no connection to the Google servers, because the fonts are no longer loaded from the Google servers. All files are stored on your own server.
The second way is the dynamic integration of the files directly from the Google server, how the integration is done can be seen on the right screenshot which comes directly from the Google Fonts page. We can find this integration with our Google Fonts Checker and show it to you.
Even if it is technical, these are the CSS instructions (CSS: language used to determine the design of web pages) that are executed every time a visitor calls your website.
These instructions cause the visitor's browser to connect to Google servers and download the font descriptions and associated font files from there.
Inevitably, data of the visitors is transferred in the process, technically it is not possible otherwise. First and foremost, it is at least the IP address, but a number of other data are also transferred during the call, which can then be combined with the IP address.
As a website operator, you "force" your visitors to pass on data to Google, although these visitors may not even want this or have not agreed to this transfer.
Google Fonts - Data protection background / DSGVO - Google Fonts Checker
Basically, the DSGVO is intended to protect the privacy of natural persons when processing personal data. Every person has the right to decide for themselves what should happen to their own data and who may have access to it.
For this reason, according to DSGVO, the processing of this data is generally prohibited, unless there is a reason or release provided for under DSGVO. These points are in the notorious Art. 6 DSGVO. Personal data also includes the IP address and this is precisely the source of the problem in connection with Google Fonts, which are embedded by the Google pages.
This is why, for example, the Munich Regional Court also wrote in the ruling that is so important on this topic:
"The dynamic IP address represents a personal data for a website operator, because the website operator has legal means in the abstract that could reasonably be used to have the person concerned determined with the help of third parties, namely the competent authority and the Internet access provider, on the basis of the stored IP addresses (BGH, judgment of 16.05.2017, Ref. VI ZR 135/13). It is sufficient for the defendant to have the abstract possibility of determining the persons behind the IP address. Whether the defendant or Google has the concrete possibility of linking the IP address to the plaintiff is irrelevant."
Since, as a rule, there is no consent of the visitors, no contractual relationship of any kind with visitors and also no other reasons justifying the data transmission, one may not use the Google Fonts in this way. Since local integration is also technically possible without any problems, there is no reason to transfer the data. So that you can check this at any time, we have provided you with the free Google Fonts Checker.
Are Google Fonts DSGVO compliant?
The dynamic integration of Google Fonts is not DSGVO-compliant without the visitors' consent - it is best to check the integration directly with our Google Fonts Checker. Website operators owe cease and desist and damages - at least according to the LG Munich, ruling of 20.01.2022, Az. 3 O 17493/20. To what extent this also applies to other US services is currently still open, but it can be assumed that this also applies.
In the view of the court, the question of whether a GDPR violation must have reached a certain materiality in order to justify the award of damages is not relevant. The loss of control associated with the transfer of data to Google and the individual discomfort felt by the plaintiff as a result were so significant that this justified a claim for damages.
So the answer is clearly no.
What exactly did the Munich Regional Court decide on the subject of Google Fonts?
The dynamic integration of Google Fonts, without the consent of the users, violates their personal rights. This was decided by the Munich Regional Court (LG München, judgment dated 20.01.2022, ref. 3 O 17493/20).
In a legal dispute before the Munich Regional Court, the plaintiff defended himself against the defendant disclosing his own IP address to Google when he visits the website published by the defendant that uses Google Fonts.
Theuse of Google Fonts in this form is to be refrained from
The defendant is ordered to refrain from disclosing the plaintiff's IP address to the provider of a website operated by the defendant by providing a font of the provider Google (Google Fonts) when the plaintiff calls up a website operated by the defendant, upon notification of a fine of up to € 250,000.00 to be imposed for each case of infringement, in lieu of which the plaintiff is ordered to serve up to six months' imprisonment.
Disclosureof IP address without consent violates personal rights
LG Munich: The unauthorized disclosure of the plaintiff's dynamic IP address by the defendant to Google constitutes a violation of the general right of personality. The defendant's right to informational self-determination under § 823 (1) BGB was affected. The plaintiff had not consented to the encroachment in accordance with Section 13 (2) of the German Telemedia Act (TMG), old version, Article 6 (1) (a) of the General Data Protection Regulation (GDPR).
IP address is a personal data
The forwarded IP address represents a personal data in the sense of § 12 para. 1 and 2 TMG (in the version applicable at the time of forwarding), § 3 para. 1 Federal Data Protection Act and Art. 4 no. 1 DS-GVO, because the website operator has legal means in the abstract that could reasonably be used to have the person in question determined with the help of third parties, namely the competent authority and the Internet access provider, on the basis of the stored IP addresses (BGH, judgment of May 16, 2017 - VI ZR 135/13). It is sufficient for the defendant to have the abstract possibility of determining the persons behind the IP address. It does not matter whether the defendant or Google has the concrete possibility to link the IP address with the plaintiff.
Use of Google Fonts is possible without data transfer to Google
There is also no justification for this encroachment on the plaintiff's general right of privacy. A legitimate interest of the defendant within the meaning of Art. 6 (1) f) DS-GVO, as claimed by the defendant, does not exist, because Google Fonts can also be used by the defendant without a connection to a Google server being established when the website is called up and a transmission of the IP address of the website user to Google taking place.
Risk of repetition is given
In addition, the plaintiff was also not obliged to disguise his IP address before calling up the defendant's website. The court also affirmed a risk of repetition. The risk of repetition is not eliminated by the fact that the defendant now uses Google Fonts in such a way that the IP address of the website visitors is no longer disclosed to Google. The risk of repetition can only be eliminated by a cease-and-desist declaration with a penalty clause.
Data protection level in the USA not adequate
The LG München awarded the defendant damages under Art. 82 (1) DS-GVO. Whether the materiality threshold had been exceeded in the case of the immaterial damage in question was irrelevant. The associated encroachment on the general right of personality is so significant with regard to the plaintiff's loss of control over a personal data to Google, a company that is known to collect data about its users, and the individual discomfort felt by the plaintiff as a result that a claim for damages is justified.
It must also be taken into account that it is undisputed that the IP address was transmitted to a Google server in the USA, whereby an adequate level of data protection is not guaranteed there (see ECJ, judgment of July 16, 2020 - C-311/18 (Facebook Ireland u. Schrems), NJW 2020, 2613) and that the liability arising from Article 82 (1) of the GDPR is intended to prevent further infringements in a preventive manner and to create an incentive for security measures. The amount of damages claimed is appropriate in view of the severity and duration of the infringement and is not contested by the defendant.
Here is the solution - Google Fonts on your own server
In principle, there is only one sensible way how you can prevent the integration of the fonts directly via Google. Without compromising on speed and privacy, you can store the fonts / Google Fonts on your server and make them available to your visitors from there. Here we explain how this works and you also get all the technical details directly matching the fonts you use!
Google offers the possibility to download the fonts and store and install them on their own server. This is explicitly allowed by the used license - without additional costs! You can use the font files on any website, both business and private. You can find more information in the Google FAQ: https://developers.google.com/fonts/faq
How do you get the files onto your site?
The integration is done in two steps. In the first step, you download the necessary files from Google and then save them in your web space on your server.
Do you need help?
If this is too technical for you or if you don't manage your site yourself, feel free to contact us directly - we are very happy to help you, the effort for the adaptation is usually within manageable limits.
Click here for the request form.
The best option for a complete download of all necessary files is currently the google-webfonts-helper by Mario Ranftl. With this service you can not only simply choose the font and font size that fits your website. You also get the matching CSS code and all required font formats. And all that on one page. Further down the results page, you'll find a list of links to the fonts you use. You don't have to search for anything!
On the google-webfonts-helper page itself, you'll find a big download button where you can download the font files you need. Press this button to download your used font files.
After the download, copy all unzipped (important!) font files to your server with your FTP program. Please remember the path / folder where you saved the files, you will need them in the next step!
Embed Google Fonts in your website
To make the font files / fonts available on your website, i.e. to make sure that the fonts are used, you need to adjust your CSS files or theme. So for all the fonts you need, copy the CSS code that is shown to you on google-webfonts-helper. Example for the font Roboto, analogous you proceed also for all further fonts:
Of course, you have to make sure that the used path is correct (which you have noted above), otherwise the fonts will not be loaded.
However, on google-webfonts-helper there is also the possibility to specify the path to the directory.
Local integration via plugin for CMS / Shop systems
For some CMS / Shop systems there is the possibility to integrate fonts locally directly or to prevent the call of Google Fonts directly. For most systems, however, you have to actually do it manually and edit data in templates. As an example we have listed some Wordpress plugins.
Wordpress
- Plugin Embed Google Fon ts (please note that some themes / themebuilders do not handle this correctly)
- Disable and Remove Google Fonts
- Host Web Fonts Local