Google Analytics and Google Fonts API now illegal in Europe
The PhotoDeck blog - 11 Feb 2022

Google Analytics and Google Fonts API now illegal in Europe

This might be the beginning of something huge.

A couple of weeks ago, a German court fined a website owner for using the Google Fonts service. The reason? The fonts were hosted by Google on a server outside of the EU, providing Google with each visitor’s IP address without its consent. The court deemed it to be a violation of the GDPR (European data protection laws). The rest of the EU is expected to follow suit.

At about the same time, the Austrian Data Protection Authority DSB ruled that the use of Google Analytics violates the GDPR. And yesterday, its French counterpart CNIL ordered a website to stop using Google Analytics for the same reason, and complaints are open against several major French websites.

Knowing how popular Google Analytics and the Google Fonts service are, the implications of this are huge.

And considering that PhotoDeck offers an integration to both services, this directly affects our European members (and members outside the EU serving European visitors.)

I’m in Europe and my website uses Google Analytics and/or the Google Fonts service. What should I do?

In a word: STOP.

This also applies to other non-European services, like Facebook codes or Adobe Typekit.

If you’re a PhotoDeck member, we’ve made it easy for you, though.

Google Fonts

All PhotoDeck designs rely by default on Google Fonts. But it’s the direct integration of the Google service that is illegal, not the use of the fonts themselves.

And we’ve already built a solution:

Our service is now able to download the fonts from Google and serve them from our Content Distribution Network, just like other parts of a PhotoDeck website. As a result, a European visitor’s browser connects to a server in Europe to access the fonts, and not anymore to Google in the US.

In essence, this proxy shields the viewer’s IP address from Google.

This will be rolled out progressively over the next few weeks to the PhotoDeck websites that use the “Opt-In” or “Opt-Out” cookies consent mode.

Google Analytics

Google Analytics is a complex beast, and there currently doesn’t appear to be workarounds that would allow making it legal in the EU.

So today, just one day after the French ruling, we’ve added the option to connect PhotoDeck websites to two new Analytics providers, as replacements to Google Analytics. They both are in the EU and use privacy friendliness and GDPR-compliancy as a key selling point:

  • Matomo (formerly Piwik) is a well-known and established provider, and they allow importing historical data from Google Analytics. Unfortunately they don’t have free plans for low-traffic websites.
  • Microanalytics is a simple alternative. They are lesser known, but offer a free plan for low traffic.

Please note that we are not affiliated with either service, we don’t have first-hand experience with them yet, and the fact that we built the option to use them at short notice is not an endorsement of either. We do welcome your feedback!

So if you’re a European PhotoDeck member, this is what you should do:
  1. Remove the Google Analytics code from your website (My Website / Setup / Analytics), and use our new options to connect to Matomo or Microanalytics instead ;
  2. Make sure you use the “Opt-In” cookies consent mode (under My Business / Legal / Cookies consent) ;
  3. Accept the prompt to upgrade your website engine if/when it appears within a couple of weeks. (The website engine might be automatically updated when you work on your website, in which case the prompt won’t appear).

What does PhotoDeck make of this?

The law is the law, so what we think is quite secondary. But still, in case you wonder: we love where things are going.

In the short term, it’s of course a pain. Nobody likes extra work that doesn’t seem to provide new value, and Google Analytics can be a valuable tool.

But as private individuals, that’s great news. We believe that privacy is a fundamental right, and that the domination of the large Internet multinationals and the industrial-scale digital surveillance they practise must be reined in.

That’s for example the reason why we removed our integration with Facebook a few years ago, replaced the AddThis.com widget a couple of years yearlier and why PhotoDeck founder JF is an avid user of tracking-blocking technologies.

These new developments resonate with PhotoDeck’s values and DNA and make us proud Europeans.

It’s the right thing to do.

This is important news to anyone who runs a website in Europe, so feel free to share this with those of your friends that might be affected!

Want more articles like this delivered to your mailbox?

Subscribe to our monthly newsletter!
Useful articles and latest updates, no spam.