According to German and Austrian DSGVO law, we do not recommend using Google Fonts loading from Google Servers located in the US. The German court (in Jan 2022, LG München, Urteil vom 20.01.2022, Az. 3 O 17493/20) deemed this a violation of Europe’s GDPR (General Data Protection Regulation) because Google Fonts exposes the visitor’s IP address. 

The General Data Protection Regulation (GDPR) is a data protection and privacy law that was introduced by the European Union (EU) and came into effect on May 2018. Its main purpose is to strengthen and unify data protection for individuals within the EU and the European Economic Area (EEA).

What are Google Fonts?

Google Fonts is an interactive directory of over 1450 fonts provided by Google. This library is freely available and can be used both remotely and locally. They can be used commercially, and even include within a product that is sold commercially. A wide selection of fonts is available to customize your website and text. However, a faulty Google Fonts integration transmits the personal data of website visitors to Google (US), which is why there are privacy concerns.

EU Privacy law vs. Google Fonts

If you download the fonts you want and store them locally on your server, the fonts will be reloaded directly from your server when you visit the website instead of being downloaded online from Google servers. This way, no connection to Google servers is established and no data is sent to Google. With this integration, you are on the safe side and not affected by the ruling.
It only becomes critical if you use Google Fonts remotely and do not store them locally on your own server. In this case, individual fonts are not loaded from your server when the website is called up, but from Google servers. During this process, the personal data of the website visitors (including their IP address) is automatically transmitted to Google. This means that the respective website visitor no longer has any control over the processing of his or her data, which represents an unacceptable violation of general personal rights. Both you as the website operator and Google LLC are responsible for protecting the personal data of website visitors. If you do not do so, you will have to expect high warning costs due to DSGVO violations.

German court’s ruling threatens a fine (100€ - 400€ ) for each infringement case or, alternatively, six months imprisonment, if the site owner does not comply and continues to provide Google with IP addresses through their use of Google Fonts. According to LG München I, the local (self-hosting) method is unobjectionable under data protection law, since no data is sent to Google when Google Fonts are integrated locally. It means that you can still use Google Fonts but font files must be loaded from your website server (EU).

How to check if my website is using Google Fonts?

Here is popular evidence in HTML code that Google Fonts is used from a Google server, not yours (a local one). And such a view should worry German and Austrian webmasters & site owners who care about DSGVO privacy law. Each browser has the option to preview the site in Source Code mode, use it to confirm your assumptions.

You can also use the German Google Fonts Scanner from here: https://www.e-recht24.de/google-fonts-scanner

How to disable Google Fonts entirely

Inside SP Page Builder > Settings, you have a switcher that allows you to disable Google Fonts from use. That option will allow you to choose whether you want Google Fonts (and its HTML code) to load or not.

To avoid legal problems for European webmasters/editors we suggest two safe options:

• Use default system fonts (Arial, Tahoma, Verdana, Helvetica, Times New Roman, etc.).
• Use Google Fonts but as a self-hosting option, without connecting to Google servers.

Check the front-end source HTML code of your website and if you would notice that Google Fonts is still loading you have to:

1. Check Helix Ultimate / Helix3 in the Typography settings, and disable all Google Fonts also there, for Body, Headings, Navigation, and Custom areas. Yes, you can keep only system fonts, like Arial, Tahoma, Verdana, etc. which are totally DSGVO/GDPR-safe fonts.
   
   

   

2. Sometimes Google Fonts can be loaded also from additional extensions, like slideshow modules or components. So you have to check on which subpages you have Google Fonts or if you don't have them. This will allow you to identify what extension uses Google Fonts.
3. You can also delete font names from a database, for that task, you can use the Free version of DB Replacer (from RegularLabs). In the below example, we searched only inside sppagebuilder Table. An example "Karla" font name. In your case copy the font name from the HTML name and use it inside the Search field and replace it with empty space. Follow 1-6 steps from the screenshot.

Notice! If you have Google Fonts on subpage with the Slideshow addon, please check every slide item, and every used object if it uses Google Fonts and remove the font name. As an alternative, a faster method is DB Replacer (RegularLabs) tool. Remember to make a website Database backup first.

How to upload Custom Font in SP Page Builder 5x

1. Download or locate the file with your custom font. There are many sources online for downloading free fonts. It must be downloaded as .TTF or .OTF file. You can also download the font directly through the Font Squirrel website.
2. Go to the Font Squirrel Webfont Generator
3. Click the Upload Fonts button to select your .TTF or .OTF font file. It must be a single font only. Regular and Bold are two different fonts.
4. Select the output of the files (we recommend using the Basic or Optimal settings unless you are comfortable with the Expert Settings).
5. Tick [x] the Agreement section, with the text "I'm uploading are legally eligible for web embedding".
   

   

6. Then after a few moments, you should see and be able to click the "Download your kit" button. This package contains font in web formats (.woff, .woff2) + css style.
7. Once it is finished downloading, you will be left with a webfontkit zip file. Example filename: webfontkit-20220801-043436.zip.
8. Using SP Page Builder Pro > "Upload the font" feature - choose the font zip file created in Webfont Generator (screenshot below).

9. 9. Remember to install Light, Regular, Medium, and Bold as separate font .zip files, not in one package. We apologize for this minor inconvenience.

Notice!  The ttf. is not web format, for websites you have to use .woff / .woff2 format - packed as we informed above.

How to use Google Fonts in a fully legal way

It is possible to download the desired Google fonts, integrate them locally, and then cut the connection to the Google servers. This procedure does not require consent and the legality is even confirmed in Google's FAQ on Google Fonts. The official Google Fonts website (https://fonts.google.com/)  allows you to download any font after the weight choice. The downloaded package contains only font file(s). If you want to continue using Google Fonts in a more privacy-respecting way, there are many tutorials (also ours) for self-hosting the fonts.

Good news! In SP Page Builder 5+ using Custom Fonts and Google Fonts was improved. Now you can upload, choose, and use them from your local server without worrying about GDPR/DSGVO law. We called that new feature "Font Book". You can decide what type of fonts you want to use and how they should be loaded, for example, from your website server. Google Fonts API Key is necessary and must be generated and added to SP Page Builder Settings area.

In SPPB Settings > Advanced > Disable Google Fonts: Off (grey) -  otherwise, you cannot use fonts that you chose from the list of Google Fonts by "Font Book" feature. Don't worry only local fonts will be used.

Font Awesome vs. DSGVO law

All Font Awesome files (CSS styles and font files) used are loaded from your local server only. No connection with the developer site. FontAwesome is also not made by Google. You don't have to worry about DSVO law in that case and change anything.

Google Recaptcha vs DSGVO law

Google reCAPTCHA is a so-called Captcha and that stands for "completely automated public Turing test to tell computers and humans apart". Joomla have built-in plugin for that, we use it inside the Contact and Form Builder addon. Thus, the task of Google reCAPTCHA is already clear, namely to distinguish humans from bots. To use that feature its load's algorithm file api.js from the Google server. However, Google's general privacy policy does not contain any explanation of how Google reCAPTCHA works, and what personal data collect (if any). Whether further data is processed specifically by Google reCAPTCHA in order to analyze user behavior remains unclear. And this is a problem because you have to specify the categories of processed data in your privacy policy (see also Art. 14 (1) (d) DSGVO). Therefore, according to the Bavarian data protection authority, the use of Google reCAPTCHA is already law problematic. For more information in the DE language - read this Recaptcha-DSGVO article.

DSGVO / Google Fonts Scanners (DE)

Online testers-scanners for German & Austria webmasters (free pretest):

• www.e-recht24.de/google-fonts-scanner
• www.ccm19.de/google-fonts-checker/
• www.e-recht24.de/websitescanner