Loading fonts straight from Google’s servers (via CDN) sends the user’s IP address to Google — which counts as personal data under GDPR. That means that if your website targets users in the EU/EEA, you might actually need a cookie banner just for fonts 😆
The nice thing is, even if you are concerned about GDPR, you can still use Google Fonts without the cookie banner, as long as you self-host the fonts. Instead of linking them in your HTML, you can download the fonts and include them with @font-face in your CSS.
I only learned about this recently while reading about fonts, so just tossing it out there in case it helps other beginners like me.
Anyone have other tips or thoughts for beginners — either around web dev and regional privacy laws, or just general best practices? Always curious to hear what more experienced devs wish they’d known early on 👀
Top comments (2)
yes i learnt a while ago about this. Highly useful!
Nice! Thanks for reading 😄