[EmilyHughes]

In Austria there was recently a case of a women sueing thousands of businesses for using google fonts on their website. The reasoning was that the fonts are hosted on google, so by visiting these sites they sent her IP to google without her knowing (what is meant is just the font download via the browser from google servers, nothing was actually "sent"). Apparently she visited these thousands of business websites one by one and the infringement on her privacy caused her so much emotional damage that she wanted to be compensated for it. The women herself remained anonymous but last I heard the lawyer that worked with her on this got his tires slashed and threatend with violence.

[kjs3]

You can sue thousands of people in Austria and remain anonymous? No way is that ripe for abuse.../s

[mschuster91]

We had the same shit in Germany. The lawyer and the crying-wolf frontman are facing a criminal investigation and police seized 346.000€ in December last year [1].

> what is meant is just the font download via the browser from google servers, nothing was actually "sent"

Well, Google does get sent the IP address, and that is enough to be covered by GDPR regulation.

While I do think it's important the GDPR gets respected, I seriously think that enforcement needs a "severity" threshold for fines - and there needs to be some distinction between actually legitimate "necessary for functioning" data processing which would include stuff such as Google Fonts and between abuse of "necessary for functioning" data processing that includes all kinds of trackers.

[1] https://www.ndr.de/nachrichten/niedersachsen/hannover_weser-...

[Hizonner]

> there needs to be some distinction between actually legitimate "necessary for functioning" data processing which would include stuff such as Google Fonts

Downloaded fonts are not "necessary for functioning". Just use the system fonts.

Essentially no actual user cares AT ALL about the fonts on your Web site. If you're wasting time and energy on stuff like fonts, all you're doing is frustrating users by not putting that time and energy into anything actually valuable... while wasting every user's bandwidth.

Anyway, you have no control over what Google does with that IP address (or any associated cookies), and likely no reliable assurance that what Google does with the information is "necessary for functioning". I would expect Google to tie that download to every other download from that user's browser on every other site, and use the results for every possible purpose. If by some miracle Google doesn't do that, lots of the other third-party crap that sites embed will. Often the third party providers' descriptions of how their stuff work will be missing, incomplete, unintentionally wrong, intentionally misleading, or outright lies, so to have any real assurance you'd need to do some serious due diligence on every third party embed. Which nobody does, and which would defeat the "easy use" advantage of using those embeds to begin with.

Nearly all Web pages could load without a single connection to any server other than the one in the page URL. It's completely appropriate to treat every such connection as a disclosure of information to a third party... with all the regulatory requirements that should come with that... regardless of whether or not you've gotten used to making those connections without thinking about them. If it takes big fines to enforce that, well, I guess that's tough.

[EmilyHughes]

But it's the job of the government to enforce that via warnings and fines, not private entities sueing for "emotional damage".

The IP alone is almost useless anyway unless it can be tied to other information you've given up to google already - in which case you can't tell you are that cautious with your browsing to begin with.

[hakfoo]

Couldn't at least "icon fonts" like FontAwesome be necessary for meaningful functionality of some sites?

A site that's sprinkled with [FE30] placeholders where the designers expected icons isn't necessarily readable or usable.