11. Data protection vs. Google Fonts
If you download the desired fonts and store them locally on your server, the fonts will be reloaded directly from your server when you visit the website instead of being downloaded online from Google servers. This means that no connection is established to Google servers and no data is sent to Google. With this integration, you are on the safe side and not affected by the ruling.
It only becomes critical if you use Google Fonts remotely and do not store them locally on your own server. In this case, individual fonts are not loaded from your server when you call up the website, but from Google servers. During this process, personal data of the website visitors (including their IP address) is automatically transmitted to Google. This means that the respective website visitor no longer has any control over the processing of his or her data, which is an unacceptable violation of general personal rights.
Both you as the website operator and Google LLC are responsible for protecting the personal data of website visitors. If you do not do this, you will have to expect high warning costs due to DSGVO violations.