Email or username:

Password:

Forgot your password?
Top-level
William O'Connell

@chriscoyier To me this really highlights the problems with GDPR. The goals are noble, but in practice almost every website is arguably non-compliant in one way or another, and the only way to know for sure is to get sued and go to court. EU users complain when non-EU sites block their traffic, but rulings like this make it clear why that happens.

3 comments
Jeolen Bruine

@williamoconnell @chriscoyier I don't get the conclusion that "it highlights the problems with GDPR" when the problem is clearly Google siphoning unaware users' data. Use a Google font and you make calls to ads.google, how is that not a problem? Why should it be allowed without batting an eye?

The second problem is wanting to use GAFAM's tools for everything without second thought. It's high time developers get to think critically of the things they use and impose on unaware non-tech users.

Patrick Georgi

@jeolen @williamoconnell @chriscoyier The terms of service for Google Fonts are _very_ different from everything else at Google (see developers.google.com/fonts/fa)

They really try to do right here, but GDPR still requires consent before pushing PII (like IP addresses) to non-EU places.

That said, the CDN concept for common assets (like fonts or "standard" JS libraries) was more useful when multiple origins shared a CDN file. These days, browser download CDN files once per origin (i.e. website that's using it), removing most of the benefits of using a CDN.

tl;dr: Google Fonts is likely okay to use in theory, still requires opt-in by the user in practice, and doesn't even save bandwidth for the user like it used to.

@jeolen @williamoconnell @chriscoyier The terms of service for Google Fonts are _very_ different from everything else at Google (see developers.google.com/fonts/fa)

They really try to do right here, but GDPR still requires consent before pushing PII (like IP addresses) to non-EU places.

William O'Connell

@jeolen It's not clear to me that this ruling is Google-specific. It seems like the same logic could be applied to almost any third-party resource.

I'm not seeing any requests to ads.google on sites that use Google Fonts. The fonts come from fonts.gstatic.com. It's not obvious to me why it'd be ok for me to host my website on GCP but not ok to use a font hosted by Google. This seems like privacy theater.

Go Up