You maybe read about how a website was fined a small sum because it served a font from Google. It’s quite possible you’re using Google Fonts on your own website (and firstly – congratulations on running your own website), so this may induce a mild panic.
It’s important to note a plaintiff made a specific complaint about the website in question, and if the website had gained permission to pass on their IP address (through an appropriately-worded consent dialogue), there wouldn’t have been a problem. It’s unlikely you’re about to cough up a hundred quid fine any time soon, especially in the glorious, sunlit uplands of an intensely-relaxed-over-regulation post-Brexit UK.
Still, there’s no reason for Google to collect IP addresses. This has always been the problem with the service. It’s ridiculously easy to use, providing free, high quality fonts. Surely there’s a cost somewhere? It’s normally data – and not even ours, but that of the people who have innocently visited our website.
The best solution is to host fonts yourself. Assuming you’re not on a mission to hoover up your visitors’ data, there’s no privacy problem. You also make your website more resilient, removing an additional point where it can break.
However, self-hosting takes some knowledge, or your CMS may make it tricky. There are a few hosted font services out there, and today I came across Bunny Fonts, which claims to be fully GDPR compliant. Perfect!
Using Bunny Fonts
While the website isn’t as friendly as Google’s, it’s easy enough to use. The process of getting fonts on your site is the same – copy the HTML, paste it into your website
head and refer to the family in your CSS.
What’s even better is that it uses the same API as Google. This means you should be able to edit your existing code by replacing any instance of
fonts.bunny.net – including any parameters you pass through, such as
?display=swap. I tried this with STIX Two Text, and it worked without a hitch. I even maintained a 100 web page speed test score. It’s really impressive.
A free, privacy-friendly font hosting service. What’s not to like?
My only concern is the same I have with any private, for-profit company and privacy on the web: we’re relying on individual integrity. It’s the same with DuckDuckGo. Despite the odd €100 fine, enforcement is uncommon in the private sector. While I doubt Bunny is lying or making misleading data tracking and collection claims, the devil is always in the detail. We at least know Google and how godawful it is.