Adobe and Google Fonts may violate GDPR

Marcus Strömberg

Published: Oct 16, 2024

GDPR

What do you mean, that can’t be right? Actually, if you don’t use them correctly, it could result in your website violating GDPR. In this article, we’ll explain how this happens and what you can do to avoid it.

Who would have thought a font could violate GDPR?

For me, this was a bit of a surprise when I was talking with one of our developers, Caspar Skripkauskas, about how we were going to create a WebGL animation that includes text. For the WebGL animation to work, we needed access to the font, not just fetching it through an API. This led us to investigate how GDPR-compliant it is to fetch fonts via an API from Adobe Fonts. And it quickly turned out that it could violate GDPR. This made me wonder exactly how this violates GDPR, whether it applies to Google Fonts as well, and if there are more disadvantages you might not think about.

How do Adobe and Google Fonts violate GDPR?

This doesn’t mean you suddenly have to stop using fonts from Adobe Fonts and Google Fonts. If used correctly, you can still stay within GDPR regulations, though it may not be as seamless as before.

Neither Adobe Fonts nor Google Fonts place any cookies on your website. However, they are font services that provide an API to deliver font files to you. To provide the fonts to your website, they collect user requests, fetch the files from their servers, and deliver them to the end-user so the fonts can be rendered in the browser. During this process, Adobe’s and Google’s servers register the user's IP address, which may be located outside the EU. And this is where the GDPR issue arises.

Collecting personal information, which could be shared with third-party services, without consent violates GDPR. Since an IP address is considered personal information, you must ask for consent before displaying the fonts to your website visitors.

How do I make fonts from Adobe or Google GDPR friendly?

To use fonts on your website from Adobe or Google, you should choose one of the following options:

Users must consent to the cookie policy
Even though neither Adobe nor Google place any “real” cookies on your site, you still need to inform your visitors that data is being collected. This means that the font cannot be fetched from the service until the user has given their consent.

Download and host fonts locally
Instead of fetching your fonts via an API, you can download and host them locally. Google Fonts allows you to easily download any font, whereas Adobe Fonts requires you to purchase the font directly from its designer. This is the best option and gives you more flexibility if, for example, you want to use the font in a WebGL animation.

Are there other drawbacks to using fonts via an API?

Using fonts from one of these services isn’t uncommon when building visual identities (though it’s not ideal). Agencies often pay for an Adobe license, granting access to all fonts, making it convenient to use them. However, this creates several challenges and issues beyond GDPR, such as:

Adobe or Google could remove the font you’ve chosen from their library
You need a paid Adobe subscription to use their fonts
Fonts from Adobe are installed via the Creative Cloud app, which must be running before you can use the fonts
If the font isn’t available locally, it limits the creative possibilities for your website

So, if you want to use fonts via Adobe Fonts and want maximum freedom, it’s best to download or purchase them directly from the creators. And if you’re using Google Fonts, download them locally.

Latest news

Ensuring GDPR compliance in web development

Why you need a digital brand guide

Zaptec wins digital awards

Who would have thought a font could violate GDPR?

How do Adobe and Google Fonts violate GDPR?

How do I make fonts from Adobe or Google GDPR friendly?

Are there other drawbacks to using fonts via an API?