According to German and Austrian DSGVO law, we do not recommend using Google Fonts loading from Google Servers located in the US. The German court (in Jan 2022, LG München, Urteil vom 20.01.2022, Az. 3 O 17493/20) deemed this a violation of Europe’s GDPR (General Data Protection Regulation) because Google Fonts exposes the visitor’s IP address. 

• The General Data Protection Regulation (GDPR) is a data protection and privacy law that was introduced by the European Union (EU) and came into effect on May 2018.
• The term "DSGVO" refers to the General Data Protection Regulation (GDPR) in German, which stands for "Datenschutz-Grundverordnung". 
• Its main purpose is to strengthen and unify data protection for individuals within the EU and the European Economic Area (EEA).
• The GDPR includes significant penalties for non-compliance, with fines of up to 4% of the annual global turnover of the previous financial year.
• Please also read German (DE) article "Google Fonts: Warnings End in Court with Outright Defeat for the Plaintiff"

Please treat the information contained on this page as general guidance, not legal advice. While the GPPR laws are not changing rapidly, the line of jurisprudence of national courts is changing.

What are Google Fonts?

Google Fonts is an interactive directory of over 1450 fonts provided by Google. This library is freely available and can be used both remotely and locally. They can be used commercially, and even include within a product that is sold commercially. A wide selection of fonts is available to customize your website and text. However, a faulty Google Fonts integration transmits the personal data of website visitors to Google (US), which is why there are privacy concerns.

EU Privacy law vs. Google Fonts

If you download the fonts you want and store them locally on your server, the fonts will be reloaded directly from your server when you visit the website instead of being downloaded online from Google servers. This way, no connection to Google servers is established and no data is sent to Google. With this integration, you are on the safe side and not affected by the ruling.
It only becomes critical if you use Google Fonts remotely and do not store them locally on your own server. In this case, individual fonts are not loaded from your server when the website is called up, but from Google servers. During this process, the personal data of the website visitors (including their IP address) is automatically transmitted to Google. This means that the respective website visitor no longer has any control over the processing of his or her data, which represents an unacceptable violation of general personal rights. Both you as the website operator and Google LLC are responsible for protecting the personal data of website visitors. If you do not do so, you will have to expect high warning costs due to DSGVO violations.

German court’s ruling threatens a fine (100€ - 400€ ) for each infringement case or, alternatively, six months imprisonment, if the site owner does not comply and continues to provide Google with IP addresses through their use of Google Fonts. According to LG München I, the local (self-hosting) method is unobjectionable under data protection law, since no data is sent to Google when Google Fonts are integrated locally. It means that you can still use Google Fonts but font files must be loaded from your website server or server from an EU country.

Das Landgericht München I hat am Jan 2022 in seinem Urteil (Az.: 3 O 17493/20) die Rechtswidrigkeit der Remote-Einbindung von Google Fonts festgestellt. Infolgedessen haben die Abmahnungen seither deutlich zugenommen und immer mehr Privatpersonen und Abmahnkanzleien nutzen das Urteil, um Schadensersatz zu fordern. Dadurch wächst die Verunsicherung bei Website-Betreibern. Finden Sie heraus, ob es Anlass zur Sorge gibt und wie Sie am besten auf solche Abmahnungen reagieren.

How to check if my website is using Google Fonts?

Here is popular evidence in HTML code that Google Fonts is used from a Google server, not yours (a local one). Such a view should worry German and Austrian webmasters & site owners who care about DSGVO privacy law. Each browser has the option to preview the site in Source Code mode, use it to confirm your assumptions.

You can also use the Google Fonts Scanner (DE) from here: https://www.e-recht24.de/google-fonts-scanner

How to disable Google Fonts entirely

Inside SP Page Builder > Settings, you have a switcher that allows you to disable Google Fonts from use. That option will allow you to choose whether you want Google Fonts (and its HTML code) to load or not.

To avoid legal problems for European webmasters/editors we suggest two safe options:

• Use default system fonts (Arial, Tahoma, Verdana, Helvetica, Times New Roman, etc.).
• Use Google Fonts but as a self-hosting option, without connecting to Google servers.

Check the front-end source HTML code of your website and if you notice that Google Fonts is still loading you have to:

1. Check Helix Ultimate / Helix3 in the Typography settings, and disable all Google Fonts also there, for Body, Headings, Navigation, and Custom areas. Yes, you can keep only system fonts, like Arial, Tahoma, Verdana, etc. which are totally DSGVO/GDPR-safe fonts.
   
   

   

2. Sometimes Google Fonts can be loaded also from additional extensions, like slideshow modules or components. So you have to check on which subpages you have Google Fonts or if you don't have them. This will allow you to identify what extension uses Google Fonts.
3. You can also delete font names from a database, for that task, you can use the Free version of DB Replacer (from RegularLabs). In the below example, we searched only inside sppagebuilder Table. An example "Karla" font name. In your case copy the font name from the HTML name and use it inside the Search field and replace it with empty space. Follow 1-6 steps from the screenshot.

Notice! If you have Google Fonts on subpage with the Slideshow addon, please check every slide item, and every used object if it uses Google Fonts and remove the font name. As an alternative, a faster method is DB Replacer (RegularLabs) tool. Remember to make a website Database backup first.

How to upload Custom Font in SP Page Builder 5x

1. Download or locate the file with your custom font. There are many sources online for downloading free fonts. It must be downloaded as .TTF or .OTF file. You can also download the font directly through the Font Squirrel website.
2. Go to the Font Squirrel Webfont Generator
3. Click the Upload Fonts button to select your .TTF or .OTF font file. It must be a single font only. Regular and Bold are two different fonts.
4. Select the output of the files (we recommend using the Basic or Optimal settings unless you are comfortable with the Expert Settings).
5. Tick [x] the Agreement section, with the text "I'm uploading are legally eligible for web embedding".
   

   

6. Then after a few moments, you should see and be able to click the "Download your kit" button. This package contains font in web formats (.woff, .woff2) + css style.
7. Once it is finished downloading, you will be left with a webfontkit zip file. Example filename: webfontkit-20220801-043436.zip.
8. Using SP Page Builder Pro > "Upload the font" feature - choose the font zip file created in Webfont Generator (screenshot below).

9.  Remember to install Light, Regular, Medium, and Bold as separate font .zip files, not in one package. We apologize for this minor inconvenience.

Notice!  The ttf. is not web format, for websites you have to use .woff / .woff2 format - packed as we informed above.

Notice! Custom Font set using the above method will be used only inside the SPPB component or SPPB module area.  If you want to use Custom font everywhere, in the whole template, you have to use tips from Helix documentation.  You can use Helix Typography settings to choose DSGVO/GDPR-safe fonts (Arial, Tahoma, Verdana, Helvetica) or the Custom CSS method to load extra font file(s). 

If you cannot upload/install the font zip package, check PHP settings, especially memory_limit setting, for example, you should have 128M, 256M, or 512M values.

memory_limit = 256M

If you have "-1" (unlimited) please change it to one of the mentioned values, otherwise, you may not be able to upload the font zip file.

Typical source of problems during font upload.

1. php memory_limit is not set properly.
2. You are trying to upload WOFF, WOFF2, SVG, or EOT files just like that.
3. If your zip package contains more than one font file inside.

Read our tutorial about Font Book.

How to use Google Fonts in a fully legal way

It is possible to download the desired Google fonts, integrate them locally, and then cut the connection to the Google servers. This procedure does not require consent and the legality is even confirmed in Google's FAQ on Google Fonts. The official Google Fonts website (https://fonts.google.com/)  allows you to download any font after the weight choice. The downloaded package contains only font file(s). If you want to continue using Google Fonts in a more privacy-respecting way, there are many tutorials (also ours) for self-hosting the fonts.

Good news! In SP Page Builder 5+ using Custom Fonts and Google Fonts was improved. Now you can upload, choose, and use them from your local server without worrying about GDPR/DSGVO law. We called that new feature "Font Book". You can decide what type of fonts you want to use and how they should be loaded, for example, from your website server. Google Fonts API Key is necessary and must be generated and added to the SP Page Builder Settings area.

In SPPB Settings > Advanced > Disable Google Fonts: Off (grey) -  otherwise, you cannot use fonts that you chose from the list of Google Fonts by "Font Book" feature. Don't worry only local fonts will be used.

Font Awesome vs. DSGVO law

All Font Awesome files (CSS styles and font files) used are loaded from your local server only. No connection with the developer site. FontAwesome is also not made by Google. In that case, you don't have to worry about DSVO law and change anything.

Google reCAPTCHA vs DSGVO law

Google reCAPTCHA is a so-called Captcha that stands for "completely automated public Turing test to tell computers and humans apart". Joomla has a built-in plugin for that, we use it inside the Contact and Form Builder addon. Thus, the task of Google reCAPTCHA is already clear, namely to distinguish humans from bots. To use that feature it load's algorithm file api.js from the Google server. However, Google's general privacy policy does not contain any explanation of how Google reCAPTCHA works, and what personal data is collected (if any). Whether further data is processed specifically by Google reCAPTCHA in order to analyze user behavior remains unclear. This is a problem because you have to specify the categories of processed data in your privacy policy (see also Art. 14 (1) (d) DSGVO). Therefore, according to the Bavarian data protection authority, the use of Google reCAPTCHA is already law problematic. For more information in the DE language please read this Recaptcha-DSGVO article.

DSGVO / Google Fonts Scanners (DE)

Online testers-scanners for German & Austria webmasters (free pretest):

• www.e-recht24.de/google-fonts-scanner
• www.ccm19.de/google-fonts-checker/
• www.e-recht24.de/websitescanner