Google fonts: resistance against warning wave is forming
The affair about the wave of warnings because of the use of Google fonts in websites takes a new twist. Doubts are growing that the warning letters sent by the self-proclaimed "data protection lawyer" have any legal basis at all. So the arguments of the lawyer are at least technically questionable. In the meantime, several counterclaims are being prepared.
For approximately two weeks the affair strikes around warnings by the lawyer Marcus H. from Grob Enzersdorf Waves in the domestic economy. Most recently, the Professional Association of Management Consultants, Accountants and IT (UBIT) has stated that it expressly supports a test case brought by the Chamber of Commerce to clarify the facts of the matter.
In the meantime, the warnings themselves appear to be standing on increasingly shaky ground. Because the arguments put forward are at least questionable. Lawyer H. claimed in his warning letter that his client had visited company websites and subsequently discovered that her IP address had been forwarded to Google – which was not only a violation of the GDPR, but also caused her personal discomfort. She feels that her rights have been violated and is now claiming damages – in the amount of 190 euros.
As IT specialists have explained to us, the argumentation is flawed in several places. This starts with the basics: Google fonts are optimized for web use and are therefore often used by website developers. The disadvantage, the IP address of the visitor of the web page could be sent thereby to Google. Technically, however, it is not possible to determine whether the IP address has been recorded at all and whether it has subsequently been passed on to Google Ireland or to a third party. Google USA was sent. Ie, it is not certain whether there is an offense under the GDPR at all. Legally, the warning seems to be based on a German ruling from last May. However, it is not clear whether the use of Google Fonts in Austria constitutes an offense under the GDPR at all.
It becomes exciting, however, if one considers the mass of warning notices sent out. In the meantime, it is assumed that several thousand letters have been sent by Marcus H. have been sent. The lawyer Marcus H. insists that his client would have visited each site personally, but this seems doubtful simply because of the time required.
In addition, however, there are several indications that suggest that a bot or a so-called web crawler, a program for automatically searching websites and creating warning letters, was used to collect the data. This is suggested on the one hand by the IP addresses used, and on the other hand by a number of objectionable websites that are either currently being maintained or cannot be viewed publicly.
However, this raises the question: If a bot was used, is there a data protection violation at all?? After all, a bot is not a person and therefore has no personal rights worthy of protection.
Meanwhile, a counter-movement is forming on the web. Apart from the individual chambers, some lawyers have also become active. According to the daily newspaper Der Standard, Peter Harlander, a lawyer for those affected, has filed a complaint on suspicion of fraud. In addition, the Lower Austria Bar Association is investigating the actions of Marcus H. "There would certainly be more palliative means of highlighting GDPR issues of websites and the rights of individual visitors," the chamber said.
What to do?
If you have received such a warning, you have to comply with the request for information within the prescribed period, according to the GDPR, but you first have to check whether this request is justified at all, and whether the client is really represented by the lawyer. The WKO has published a guide to this on its homepage.
Remains positive: On the basis of this affair, the attention was again drawn to the DSGVO. However, the fact that a lawyer picks the Google fonts does not do the matter any good.