All themes received an update this week to handle GDPR. We have maintained that access to Google Fonts via API is acceptable given the privacy standards that Google has in place:
The Google Fonts API is designed to limit the collection, storage, and use of end-user data to only what is needed to serve fonts efficiently. The use of the Google Fonts API is unauthenticated and the Google Fonts API does not set or log cookies. Requests to the Google Fonts API are made to resource-specific domains, such as fonts.googleapis.com or fonts.gstatic.com. Font requests are separate from and don’t contain any credentials sent to google.com while using other Google services that are authenticated, such as Gmail.
The Google Fonts API logs the details of the HTTP request, which includes the timestamp, requested URL, and all HTTP headers (including referrer and user agent string) provided in connection with the use of our CSS API.
IP addresses are not logged.
However, earlier this year, a German court found a different interpretation of the law and claimed
The integration of dynamic web content such as Google Fonts from US web services is illegal without the consent of the visitor.
For this reason, we have updated all themes to provide users the option to NOT load Google fonts. You can still store Google Fonts locally on your server, but if you choose this option then no information will be sent to Google, in order to comply with recent interpretation of GDPR. For all themes you can go into Web Page Design and then the General Design Options submenu to disable.
- Customizr 4.4.21
- Customizr Pro 2.4.23
- Hueman 3.7.23
- Hueman Pro 1.4.24