Ready for the new Google Consent Mode v2? Learn more »
Legal

Got a Google Fonts warning? Here’s how to counteract it


Currently, especially in Germany and Austria, there seem to be a few hundred free riders who have taken the “Google Fonts judgment” (LG Munich, judgment of January 20th, 2022, Az. 3 O 17493/20) as an opportunity to quickly save a few euros earn. In addition to purely private “warnings” that are sent by email, we are now also receiving reports of legal warnings from law firms. Here we tell you exactly what you can do about it.

IMPORTANT: NO LEGAL ADVICE

Please note that this blog post does not constitute legal advice. In any case, contact your lawyer or legal adviser for more detailed information. The points mentioned in this article merely represent the personal opinion and industry knowledge of the author and should in any case be legally checked by you before use!

Background: Google Fonts & LG Munich

Google Fonts are fonts that web designers can use to brighten up a website and make something special. The advantage for web designers is that they are free and super easy to integrate – hardly any effort, maximum benefit.

In addition to the direct integration by the web developer, Google Fonts also come into a website in other ways, for example when using other Google services such as Google Maps or Google reCaptcha. Some of these services use Google fonts in order to look “pretty” themselves. A website operator can therefore “bring the fonts into the house” without directly knowing about them.

The problem with the fonts: Since they are loaded directly from Google’s servers, Google automatically receives the IP address and any other data of the visitor. As a US provider, this loading process requires “special protection” – typically because the fonts are only loaded when there is consent. No fonts without permission.

In a proceeding before the Munich Regional Court in early 2022, it was also about Google Fonts on a website. As a result of the proceedings, the website operator was found guilty of violating the GDPR and awarded “damages” of EUR 100. Free riders are now taking this as an opportunity to demand EUR 100 (or more) from website operators who also use Google Fonts.

 

Stay up to date!

Subscribe to Newsletter

Defense #1: Eliminate mistakes

As annoying as the warning is, in most cases it is based on an actual problem that exists in the website. So the first thing to do is to fix the problem. The consentmanager crawler offers help here: It clearly lists which services a website loads, which cookies are set and where there are problems, for example with non-EU countries. Put simply, if our crawler isn’t happy with your website, then you shouldn’t be happy with the website’s compliance either.

  1. Start a manual crawl of your website or look at the automatic crawls from the last week.
  2. Identify the issues, particularly those related to Google Fonts.
  3. Eliminate the problems: In the crawler report you will find direct information and appropriate links to our help page.
The website crawler from consentmanager checks the GDPR compliance of your website.
There is still work to be done on this page

For Google Fonts that you have integrated directly into the page, the best solution is to load the fonts onto your own server (we describe how to do this here: https://help.consentmanager.net/books/cmp/page /working-with-google-fonts ).

In cases where the fonts come indirectly to your website, for example via Google Maps or Google Recaptcha, you should block them there (see the examples for Google Maps here: https://help.consentmanager.net/books/cmp/ page/working-with-google-maps and Google ReCaptcha: https://help.consentmanager.net/books/cmp/page/working-with-google-recaptcha )

After everything is eliminated, the crawler can be used to check again.

Defense #2: Request evidence

As unbelievable as it sounds: Of the more than 30 warnings and warning-like letters that we have received, not a single letter has provided real evidence. In almost all cases, it was only said that the client had visited the website and that data was sent to Google. In some cases it is said that evidence is available or could be easily presented – but then there are no attachments to such letters.

As a warned person, there is an option here: If the problems have now been resolved (see above) and the warner has failed to secure the evidence sufficiently, it should now be very difficult to produce it. If he can’t, it’s word for word.

Interesse? Am besten gleich in Kontakt treten


Termin vereinbaren

Defense #3: Sound to counterattack

The old saying “attack is the best defense” has been proven often enough, so you could play it in this case as well. In several cases, counterclaims are already being filed against the warning persons – sometimes also against the warning lawyers / law firms. You can take advantage of this without becoming active yourself: In the best case, telling your opponent that you have seen through the game and will not surrender without a fight will help. A free rider is after a quick buck and may shy away from a lengthy argument (“cost/benefit” calculation no longer works) and may leave it with a “warning”.

In this context, a counter-warning could also be examined. Since it can be assumed that it is very likely an abuse of rights for the purpose of personal enrichment, the person issuing the warning could have committed a criminal offense. In the best case, the threat of such a counter-warning can already help.

Since some of these processes are carried out quite publicly, you can take advantage of their arguments accordingly. Some examples can be obtained from the statement of defense in a case from Austria ( https://www.dataprotect.at/2022/09/21/google-fonts-verfahren-die-klagebe Answering/ ).

A step more drastic is the threat of a counterclaim (or counter-warning): If the warning person surfed the website specifically to look for a potential victim, it could easily be fraud and/or blackmail. In particular, if it can be proven that several warnings (hundreds?) were sent, it can easily be assumed that the warning person was engaged in some kind of “commercial activity”.

In addition, there are the methods of the warning person: If the warning person used a crawler to find the Google fonts on the website, it can be argued that there is no GDPR violation at all (after all, a computer does not have any personal data).

Defense #4: Ignore

Another strategy: just sit it out. A warning letter demanding EUR 100 cannot spend much time collecting this EUR 100. The warning may be followed by another threat – but going to court is a much bigger hurdle, especially because real evidence would then have to be presented. The assumption is that this effort is not worthwhile for the warning person and hopefully you will not hear from him again.

… and for the future: Provisions!

If the issue of a warning is over, you should not see that as the end of the GDPR issues – the next warning or maybe even an official check could flutter into the house tomorrow. Therefore, the saying “preparation is half the battle” also applies here.

In concrete terms, this means: let the consentmanager crawler run regularly on your website (depending on the package, this happens automatically anyway) and be informed promptly if new problems are found. In particular, under Menu > CMPs > Edit > Crawler settings you can make the settings for when and how the crawler should inform you about new problems.

Not a customer yet? Then register now for free and have the website automatically analyzed by the crawler every day!

Update: warnings for other services

In the meantime, we have received various reports from customers who also receive “warnings”. A wide variety of things are now being warned, not just Google Fonts. In some cases, customers have even received warnings for integrated services/tools that are essential for the website. A customer even reports warnings due to the use of a cookie banner, so for the sake of completeness:

It is completely undisputed that any services may be integrated as long as they are “essential” for the service desired by the user. Accordingly, it is also completely undisputed that a cookie banner is “essential” and can be used (note the requirements: not every cookie banner is GDPR-compliant!). You are also welcome to reject the warning given that our service has passed countless official checks and not a single authority would ever have thought of banning our service from a website.

Update: warnings as mass mail

Some customers report warnings that were sent via bulk mail. Here the extent and the audacity of the warnings can only be imagined with difficulty. Various “interest groups” also seem to feel called upon to send out warnings on behalf of their “members”.

Update: LG Baden-Baden issues an interim injunction against warnings

First legal headwind against mass warnings: The Baden-Baden Regional Court has now issued an injunction against a mass warning against Google Fonts. The warning person, Mr. Ismail, is therefore prohibited from contacting the plaintiffs’ partners in connection with the integration of “Google Fonts”. In the event of a violation, there is a risk of a fine of up to €250,000 or even imprisonment (LG Baden-Baden, decision of October 11, 2022, no. 3 O 277/22). More information about the case can be found on the website of the plaintiff law firm LHR .


more comments

General

Newsletter 09/2024

New features: Data Subject Rights (DSR) tool The GDPR provides that those affected (such as website visitors, customers or other persons whose data is processed) enjoy certain rights. This includes, in particular, the right to query their rights and obtain information about the data processed. The rights include, among others: Our new DSR tool now […]
consentmanager logo with the text ‘consentmanager is a Google CMP Gold Partner’ on the left side. Gold medal with a ribbon next to a shield with the text ‘Certified CMP Partner’ in Google brand colours.
News

consentmanager achieves Gold Status as Google CMP Partner

consentmanager is pleased to announce that it has been named a Gold Tier CMP Partner within Google’s Consent Management Platform (CMP) Partner Program. This recognition is awarded to us with consideration of the following criteria: The latest development in the Google Partner Program makes CMP implementation easier for our customers. Now you can integrate your consent banner directly […]