Love it or hate it, Google is everywhere these days isn’t it? And has been for a long long time. In a lot of ways we rely on the services and products that Google provides. For finding stuff out (Google is Your Friend), for potential customers to find your website, maps, fonts, those all-important visitor analytics, and much more. I think I can be accused of taking Google for granted.
So, when Josh Hall, a web design business expert that I have a lot of respect for, posted a podcast with the title “What the heck is going on with Google, Privacy and Lawsuits with Termageddon” I started to get a bit worried.
At this point I need to say that I am not legally trained and this post is in no way legal advice. So what I say below is very much “as I understand it” and “in my opinion”.
The upshot of it is, recently Google Analytics and Google Fonts have been found to not comply with GDPR. This means that if you are using these tools on your website, you could have a privacy issue which in the worst-case scenario could result in a fine. Eek, right?
GDPR and the UK
I’m sure you can’t have escaped hearing about GDPR over the last few years, but just in case… GDPR is Europe’s data privacy and security law. Here’s a useful link if you want to find out more What is GDPR.
But the UK isn’t part of the EU anymore, I hear you exclaim! Yes, but you don’t need to be in the EU to have to comply with GDPR. In very simple terms, if an EU resident accesses your website, you need to comply. And besides, as I understand it (there I go again), the UK’s own privacy laws are pretty much a copy and paste of GDPR – so if something is found to not comply with GDPR the chances are it’s the same with the UK’s own laws.
What do you mean Analytics and Fonts don’t comply?
So what exactly do I mean when I say that Google Analytics and Google Fonts don’t comply with GDPR.
Firstly, Google Fonts – it is very common to use Google Fonts for the text displayed on a website. In fact, they’ve been a real game changer in web design – no longer are we restricted to a limited set of fonts (Arial, anyone?), instead we have a huge number of fonts to choose from which can make a real difference to your website. The usual way of loading Google Fonts is to connect directly to Google servers. But, the problem is, when you do this Google records the IP addresses of people visiting your site. What??? I know! There is absolutely no reason why Google needs this information to display a font.
Google Analytics is trickier. You use it to track visitor activity on your website to get a grasp of how much traffic your website gets and what people do while they’re there. You would expect some data to be recorded as part of this process, right? But the problem is, Google is gathering identifiable data and using it for its own purposes which is a problem when it comes to privacy laws.
What we’ve been doing about it
So, we have been looking at alternatives which aren’t so problematic. For fonts, this doesn’t mean that we have to stop using Google Fonts – instead we are changing how the websites we manage do it so that the fonts are loaded locally from the website itself without connecting to Google’s servers. Tada! The website is no longer passing IP addresses to Google just so you can display a particular font.
For analytics we’re moving away from Google entirely. We’ve found an amazing alternative called Matomo. For WordPress websites the tool runs entirely on your site so you aren’t passing data to a third party. Cool, right?
This has certainly been a learning curve for us here at Webfooted Designs. But we love finding solutions to potential problems and adopting new tools when needed.