Security News > 2022 > February > German Court Rules Websites Embedding Google Fonts Violates GDPR

German Court Rules Websites Embedding Google Fonts Violates GDPR
2022-02-01 03:09

A regional court in the German city of Munich has ordered a website operator to pay €100 in damages for transferring a user's personal data - i.e., IP address - to Google via the search giant's Fonts library without the individual's consent.

The unauthorized disclosure of the plaintiff's IP address by the unnamed website to Google constitutes a contravention of the user's privacy rights, the court said, adding the website operator could theoretically combine the gathered information with other third-party data to identify the "Persons behind the IP address."

The violation amounts to the "Plaintiff's loss of control over a personal data to Google," the ruling read. Google Fonts is a font embedding service library from Google, allowing developers to add fonts to their Android apps and websites simply by referencing a stylesheet.

As of January 2022, Google Fonts is a repository for 1,358 font families.

The court noted that "Google Fonts can also be used by the defendant without a connection to a Google server is established and the IP address of the website user is transmitted to Google," effectively requiring websites to host the fonts locally.

The decision comes weeks after the Austrian Data Protection Authority ruled that the use of Google Analytics by a health-focused website called NetDoktor violates the GDPR regulation by exporting visitors' data to Google servers in the U.S., thereby opening the door for potential surveillance by the U.S. intelligence services.


News URL

https://thehackernews.com/2022/01/german-court-rules-websites-embedding.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995