[dgb23]

You have a point and I as a dev will ensure to follow this principle. The issue is that serving fonts and other assets from an external service is pretty much normal practice. This is new ground. The understanding so far was explicit tracking being the issue and not serving static assets. This ruling makes sense but goes way beyond what the consensus was so far.

[cryptime]

Whose “consensus” ? Google or ad techs. That is not acceptable. The right way is GDPR pop up listing the companies you will share user data. With. If the user approves I am sure no court can touch you.

[dgb23]

I meant consensus among developers. Using external _static_ resources has been a normal thing for very long and generally hasn’t been discussed under the light of GDPR.

In fact I would argue that most devs don’t assume that this is a problem at first glance. The general awareness and education should be better here.