On January 20, 2022, the Munich Regional Court ruled on the illegitimacy of remotely loading Google Fonts. Since then, more private individuals and also law firms have used the ruling to demand compensation, resulting in an increase in cease and desist letters. This has led to growing uncertainty among website operators.
Fonts that are downloaded and stored locally on your server are loaded directly from your server when visiting the website, rather than being downloaded online from Google’s servers. This means there is no connection to Google servers, and no data is sent to Google. Therefore, you are not affected by this ruling and are on the safe side.
Both you as the website operator and also Google LLC are responsible for protecting the personal data of website visitors. Failure to do so may result in legal costs due to GDPR violations.
What are the ways to respond to the cease and desist letter?
- Paying is the quickest option.
- Contacting an attorney.
- Waiting and also monitoring the situation.
- Handling the matter yourself.
- Filing a declaratory action in court.
However, the Munich Regional Court determined that any incorrect or missing consent also constitutes a violation of the general privacy rights of website visitors under Article 6(1)(a) of the GDPR. The automatic transmission of the IP address and the incorrect or omitted consent of the website visitor give rise to a claim for compensation for the resulting non-material damage under Article 82 of the GDPR.
The local approach, as per the Munich Regional Court, is privacy-compliant, as there is no data sent to Google when locally integrating Google Fonts.
For more information, click this.