We see a new wave of legal threats and payment requests sent to websites in Europe based on a recent German court ruling (LG München, Az. 3 O 17493/20 vom 19.01.2022 (Urteil) | GRUR-RS 2022, 612 BeckRS 2022, 612 REWIS RS 2022, 1892) that basically says loading Google fonts directly from the browser of the end user provides Google with the end users IP address (personally identifiable data) which is in violation of GDPR (* see also comment at the end).
I have checked my website built on Bubble (inspecting the html code and also had an external tool look at it) and unfortunately this site loads all fonts I had ever used in Bubble at runtime from Google (even if they are not used anymore - but not 100% sure I cleaned up everything to be fair).
With other web technologies (e.g. Wordpress) a simple workaround is suggested by installing these fonts locally on the server (this would be the bubble server in this case) so no external (third party) request is created.
Looking through some fonts discussions here in the forum (e.g. Google Fonts vs Custom Fonts (via Bubble's Cloudflare)) I understand that it is currently impossible to ensure a clean behavior here (and quite a bit of work).
Anybody has a solution or idea on this?
- Comment: A simple short-term hack would be to gain end user consent by adding this behavior clearly to the cockie consent pop-up - unfortunately this does not work because you need fonts to ask for consent.