Legal Problem with Google Fonts (GDPR, German Court Ruling)

We see a new wave of legal threats and payment requests sent to websites in Europe based on a recent German court ruling (LG München, Az. 3 O 17493/20 vom 19.01.2022 (Urteil) | GRUR-RS 2022, 612 BeckRS 2022, 612 REWIS RS 2022, 1892) that basically says loading Google fonts directly from the browser of the end user provides Google with the end users IP address (personally identifiable data) which is in violation of GDPR (* see also comment at the end).

I have checked my website built on Bubble (inspecting the html code and also had an external tool look at it) and unfortunately this site loads all fonts I had ever used in Bubble at runtime from Google (even if they are not used anymore - but not 100% sure I cleaned up everything to be fair).

With other web technologies (e.g. Wordpress) a simple workaround is suggested by installing these fonts locally on the server (this would be the bubble server in this case) so no external (third party) request is created.

Looking through some fonts discussions here in the forum (e.g. Google Fonts vs Custom Fonts (via Bubble's Cloudflare)) I understand that it is currently impossible to ensure a clean behavior here (and quite a bit of work).

Anybody has a solution or idea on this?

  • Comment: A simple short-term hack would be to gain end user consent by adding this behavior clearly to the cockie consent pop-up - unfortunately this does not work because you need fonts to ask for consent. :man_facepalming:
4 Likes

Hi @m.bb

did you find a solution for this? I’m about to publish my application soon and I’m facing the same problem. I’ll import fonts now and then I will manually change all texts in my application … Did you manage to get rid of the Google web fonts in your application now? Where can you actually see that Google Web Fonts is still active?

I hope we can find a solution for this problem… It’s not fun at all.

Cheers,
Philipp

Nope. I did open a support case on this on Aug 24.

The investigations team replied very fast, said the issue is immediately forwarded to product and engineering teams as they take GDPR very seriously. No further information yet, just have pinged them for an update right now.

btw. I have looked into the client side code and there is some Google fonts related Javascript going on. Also used an online check tool (Google-Fonts-Checker | SICHER3) which came up deep red.

Oh man… Is your application live yet and did you manually change all fonts already and still get the deep red response from the checker? (Btw. Google Material Icons are also part of Google Fonts if I’m not mistaken.)

PS: Could you inform me about the response from bubble? :slight_smile:

It was live, have take it partly offline for now. Have two other projects that I am working on that I might have to park too - which is a shame as I love Bubble and have invested a lot of time into learning it.

Will post here if I get a response, yes.

Do you park it because of this exact issue? Or are there any other reasons on top?

No, just this topic currently.
I love Bubble.
It has some quirks, but overall is a great tool if you know how to use it and what it’s limitations are.

Update from Bubble support on this:

Our Engineering team has confirmed that the required implementations for accommodating the new GDPR ruling are quite non-trivial, and that this will need to take place via a longer-term timeline with further Product discussions and more thorough backend work.

That said, in the meantime, they have shared the following workarounds:

  1. Only using the non-Google fonts offered by default within Bubble. These would include:
    Arial, Arial Black, Times New Roman, Courier New, Georgia, Trebuchet MS, Verdana, Palatino, Garamond, Bookman, Avant Garde, and Impact.

  2. Replacing any Google fonts that are in use within your app with “Custom Font” counterparts instead. (ie. Manually downloading any desired fonts from Google, and then uploading those into your app as custom fonts that would now be stored in Bubble’s storage servers rather than getting called from Google’s servers.)

  3. Including a banner on your site to explain that it loads fonts from Google, so any visiting users are aware of GDPR considerations should they continue engaging with the site.

2 Likes

Please note that point 3 is not a clean solution in my opinion.

Although widely used it has clearly been established that providing just a banner and telling visitors that their continued use of the site is a form of acceptance is not enough to satisfy GDPR, there has to be an expressed opt-in action e.g. an accept button by the user beforehand. As Bubble currently loads all the fonts used in the app already on page load any such e.g. popup would be too late.

1 Like

Hi there,

I actually changed all Google fonts to Custom fonts and still have the google fonts API in my source code. Either I missed a few elements or it doesn’t fully work like this. Did you manage to get rid of it in you application?

Cheers,
Philipp

That is absolutely true. I talked about this with my lawyer and as soon as the page loaded, the fonts are already applied. Independent of a cookie banner or other measures beforehand. Hence this is unfortunately not a feasible workaround.

My lawyer strongly urged me to get Google Web Fonts out of my application ASAP, but unfortunately I couldn’t manage that yet…

Hi,
no - unfortunately I got to the the same point as you. I will not find the time to explore deeper until somewhere next week, but what you write is in line with the tests I have done earlier.

Further update from Bubble support (this came in quite fast after the last discussion, it is only me finding the time now to share it):

Thanks for the follow-up! Regarding point #3, I’ve taken note of the requirements for an explicit opt-in action before any violating resources are loaded in the first place, and will make sure to share this with the engineering team so they are aware as they continue working towards the longer-term accommodations for this!

As for points #1-2, you are correct that Bubble downloads all fonts used anywhere in the app (not only on the current page) immediately upon page load. That said, you’ll need to make sure you’ve removed or replaced all references to Google Fonts within your app, including within your Styles tab and Plugins tab (our engineering team has confirmed that it is possible to fully eliminate the Google Font resources from the source code by following this same process within their test apps).

I realize this is quite a tedious process, so I’ll also be submitting a feature request for an in-editor means of auditing font usage. In the meantime, if you are familiar with JSON, the engineering team has also mentioned that you can export your app JSON, search for any uses of Google Font resources there, and then locate the associated elements/settings in your app to make the appropriate edits.

2 Likes

This has been something I have battled with as I need my site to be accessed in China where google is blocked including fonts. I can say that it is possible. I have a set of custom fonts that I have loaded and have created default styles for every element including all plugins with my custom font or Arial (the only bubble font that is not-google). Yes, it is tedious and a pain. But it can be done. Adding something like font to app wide font would be helpful. Even better, let me just turn off google fonts in settings and don’t even load them in the editor, default to a standard web family if font information is missing

2 Likes

I have received an identical e-mail. After working through the JSON file, I was finally able to completely get rid of the Google Web Fonts in my application. (Checked it here: Google-Fonts-Checker | SICHER3)

What I noticed: The font-family was sometimes stored on group elements, which obviously do not have any text in them. I don’t know how this is exactly possible, however it was impossible to delete all google web fonts in my bubble application editor because I simply was not able to see everything.

However the good news is: Once all fonts have been changed, google web fonts disappears out of the source code and we are good to go! :slight_smile:

2 Likes

Is there any new information on this issue?

We have multiple applications running and even after manually replacing every google font with a custom font we are still unable to get rid of the main font “Lato” which shows up on every text element when using any element style; even when the font is changed in the style-sheet. The only way is to manually change every single text font on every single object, which is (as philipp.laengle107 already wrote) sometimes completely impossible (like on group elements).

@dbpg I have heard no further updates on this from Bubble. I have stopped all work on the platform for now. Maybe you want to open a support case and share what you get back with us?

1 Like

There is some news: How Biden’s New Executive Order Impacts Businesses

@m.bb, you really cannot get rid of the Google fonts? I’ve worked my way through 3 apps now and every time it was possible to get rid of them. Really a matter of going through the element tree of every page & reusable from top to bottom (tedious work).

This topic was automatically closed after 70 days. New replies are no longer allowed.