Website operators have been extremely unsettled for some time. Recipients of warnings repeatedly came forward alleging GDPR violations due to the use of Google Fonts and claiming compensation for pain and suffering.

The stitch

Since the summer of 2022, thousands of website operators have received warning letters demanding payment of between 100 and 500 euros. The warnings accused them of an “inadmissible interference with general personal rights” and a violation of the General Data Protection Regulation (GDPR). Their alleged crime: They used Google Fonts on their website, the fonts of which Google offers over 1,400 for free use.

The two men now accused, a Berlin lawyer and a client who is also said to be a representative of a data protection interest group, had programmed software themselves. With this application they were able to find websites that use Google Fonts and track and log “website visits”. These visits in turn then served as the “basis for alleging data protection violations and asserting claims for damages.” In short: it was about GDPR violations: The big ghost since the introduction of the General Data Protection Regulation on May 25, 2018.

GDPR violation?

With the Google Fonts service, the group provides website operators with more than 1,400 fonts for free use without having to keep the Google Fonts available on its own servers.

The problem: visitors to these websites load these fonts directly from the Google servers when viewing the websites and have to submit their own IP address. This usually happens without the knowledge or explicit consent of the site visitors. However, in January 2022, the Munich Regional Court decided (Az. 3 O 17493/20) that this data transfer constitutes a violation of the GDPR. The now accused based their wave of warnings on this legal basis.

Press release from the Berlin Public Prosecutor's Office

The Berlin Public Prosecutor's Office published the following press release on December 21st:

Searches after a wave of warnings due to the use of “Google Fonts”.

In a case against two defendants - a 53-year-old lawyer based in Berlin and his 41-year-old client, the alleged representative of an “IG Data Protection” organization - were arrested today on suspicion of (partly) attempted warning fraud and (attempted) blackmail In at least 2,418 cases, the police executed search warrants on behalf of the Berlin public prosecutor's office in Berlin, Hanover, Ratzeburg and Baden-Baden, as well as two arrest warrants with a total sum of 346,000 euros.

The defendants are accused of having sent a lawyer's letter warning private individuals and small businesses nationwide who used so-called "Google Fonts" - an interactive directory with over 1,400 fonts that determine the typeface of a website - on their homepages.

At the same time, they were offered the opportunity to avoid civil proceedings by paying a settlement amount of 170 euros each. The accused are said to have been aware that the alleged claims for compensation for pain and suffering did not exist due to a violation of the right to informational self-determination. Accordingly, they are also said to have known that there was no reason for those contacted to make a corresponding settlement because they would not have been able to enforce the alleged claims in court. The threat of legal proceedings is therefore said to have actually only been made with the aim of arousing the willingness to settle.

Google Fonts is a tool that is provided license-free by Google for website operators. Internet sites that use this usually automatically transmit the Internet Protocol (IP) address to Google in the USA without the knowledge or consent of website visitors. Against this background, the Munich Regional Court decided in its judgment of January 20, 2022 (Az. 3 O 17493/20) that the automatic passing on of the IP address (as personal data) by the operator of a website constitutes an interference with data protection law the visitor to the site did not consent.

This approach is likely to actually be a violation of the General Data Protection Regulation and a corresponding claim for injunctive relief if an inexperienced user visits such a website.

However, the accused are said to have been quite inexperienced: using specially programmed software, they are said to have initially identified websites that use Google Fonts. In a second step, again using software developed for this purpose, you are said to have automated website visits by the accused 41-year-old, ultimately fictitious visits. The website visits then logged are said to have been the basis for the allegation of data protection violations and the assertion of claims for pain and suffering, which allegedly could have been averted by accepting the “settlement offer”.

The accused are therefore said to have deceived that a person had visited the websites (and not actual software).
However, in the absence of a person, there would then be no violation of a personal right. Since they are said to have made these visits consciously in order to trigger the IP address transfer to the USA, they actually also consented to the transfer, so that there was no longer any data protection violation that could have justified a warning.
In some cases, no data was transferred to the USA at all, but a claim based on it was nevertheless asserted.

The Berlin public prosecutor's office has now received 420 reports from those who were “warned off” who ultimately did not pay. The analysis of the accused's account documents shows that around another 2,000 people accepted and paid the "settlement offer" out of fear of civil proceedings and the incorrect assumption that the claimed claim actually existed.

Today's searches led to the discovery of evidence, particularly documents and data carriers, which now need to be evaluated. Among other things, they are intended to provide further information about the number, selection criteria and identity, actual sales and the exact procedure.

Source:

Berlin Public Prosecutor's Office , Heise

Already read? A Christmas fact check appropriate for the season: Erich Kästner: Dear, good Santa Claus - the fact check


If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:

📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.

Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!

* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!


Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )