Complying with GDPR when using Google Fonts

As you may have heard, a German court fined a website using Google-hosted webfonts for violating Europe’s General Data Protection Regulation (GDPR).

This decision affects many themes in the directory. Most of us have been using Google Fonts by enqueuing them from the Google CDN. While this improves performance, it reveals a user’s IP address to Google, which consequently violates the user’s privacy.

How does the decision affect the existing themes?

The themes team strongly encourages theme authors to update their themes. We recommend switching to locally hosted webfonts. Luckily, Google Fonts can be downloaded and bundled in a theme. Bundled font files allow users to host webfonts locally and comply with GDPR.

How does the decision affect the new themes?

We are planning to discuss at our next meeting whether remotely hosted fonts will be allowed in themes as we move forward. Please use the comment box below if you’d like to leave any comments.

Ways to locally host webfont files

You can check out the default theme, Twenty Twenty-Two, to learn how to bundle locally hosted webfont files using theme.json.

For those using functions.php, you can check out the Implementing a Webfonts API in WordPress Core post by @aristath. It explains how to generate styles using bundled font files in detail. 

Alternatively, the theme authors can use the Webfont-loader package in conjunction with the webfonts API. It allows authors to download Google Fonts locally and then use them in the API, which currently only supports local fonts.
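Before switching to bundled fonts, it helps to find every place a theme still points at Google's font servers. The script below is an added example, not code from this post or from WordPress: it scans a theme folder for references to the Google Fonts hosts and checks that each fontFace src in theme.json is a bundled file. The function names are hypothetical, and the host list and the "file:./" prefix (the form Twenty Twenty-Two uses for bundled fonts) are assumptions to adjust for your theme.

```python
import json
import re
from pathlib import Path

# Hosts that serve Google Fonts CSS and font files (assumption: these two
# cover the usual enqueue URLs; extend the pattern for other font CDNs).
REMOTE_FONT_HOST = re.compile(r"fonts\.(?:googleapis|gstatic)\.com", re.I)
TEXT_SUFFIXES = {".php", ".css", ".scss", ".js", ".html", ".json"}


def find_remote_font_refs(theme_dir):
    """Return (relative_path, line_no, line) for each Google Fonts reference."""
    root = Path(theme_dir)
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), start=1):
            if REMOTE_FONT_HOST.search(line):
                hits.append((path.relative_to(root).as_posix(), no, line.strip()))
    return hits


def check_theme_json_fonts(theme_dir):
    """Return (slug, src, reason) for fontFace sources that are not bundled.

    A src with the "file:./" prefix whose file is absent is reported too,
    because the font would fail to load from the theme folder.
    """
    root = Path(theme_dir)
    theme_json = root / "theme.json"
    if not theme_json.is_file():
        return []
    data = json.loads(theme_json.read_text(encoding="utf-8"))
    families = data.get("settings", {}).get("typography", {}).get("fontFamilies", [])
    problems = []
    for family in families:
        slug = family.get("slug", "?")
        for face in family.get("fontFace", []):
            src = face.get("src", [])
            for item in [src] if isinstance(src, str) else src:
                if not item.startswith("file:./"):
                    problems.append((slug, item, "not bundled"))
                elif not (root / item[len("file:./"):]).is_file():
                    problems.append((slug, item, "file missing"))
    return problems
```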

Default themes

WordPress core contributors are moving forward with updating the default themes, Twenty Twelve through Twenty Seventeen. You can follow the conversation at this link. Props to @luehrsen and @luminuu

Resources

Thank you @aristath and @kafleg for reviewing the post.

#themereview, #themes-team