Created by: Daan from FFW.Press
In January, 2022 a German court ruled that a website owner was in breach of GDPR and should pay a € 100,- fine, because embedded Google Fonts were used, essentially transferring the user’s personal data (IP address) without the user’s prior consent.
When an external (i.e. loaded from another server, besides your own) resource is embedded into a webpage, it basically means that the resource behaves as if it’s loaded from the same server hosting the webpage.
Because of the way the internet works. When a browser (i.e. computer) requests a file (e.g. an image or a font file), the server needs the IP address of that computer to send it back. All these requests (including the IP address) are logged in a so-called access.log
.
Once this IP address leaves the European Union, your website is violating the GDPR.
GDPRess scans your homepage for 3rd party scripts (JS) and stylesheets (CSS), and:
In short, it makes sure no requests are made to external/embedded/3rd party scripts and stylesheets.