GDPR & Google

30th August 2022

Note: the below is not written by a legal expert and does not constitute legal advice.

The Register has recently reported that a court in Germany has fined an unidentified website €100 for violating EU privacy law by importing a Google-hosted web font.

An Austrian court has also ruled that Google Analytics is not GDPR compliant.

As with any new legislation, what is and isn’t allowed gets shaken out in the case law that follows. Both of the above rulings are only a matter of months old but could have a big impact on millions of existing websites.

But I’m Not Based in the EU!

UK and other non-European companies may think this has no impact on them. However, GDPR is about restricting the collection of data from European citizens (at the time of writing also those in the UK). So if your site can be visited by anyone in the GDPR zone, you need to comply.

Private Data?

The Google Fonts ruling above identifies the personal information being collected as an IP address. As every web service receives the visitor's IP address whenever content is requested from it, it is logical to assume this means that embedding any third-party scripts, images, fonts or other data without first getting explicit consent is a violation of GDPR.

How Can I Check My Site?

Follow the steps below:

  • Right-click on a page within your website (try right-clicking on the page background)

  • Select Inspect from the drop-down menu - this will open the web browser's developer tools

  • Select the Network tab

  • In the filter input, type domain: followed by your web domain, e.g. domain:www.duodesign.co.uk

  • Tick the Invert tickbox and the Hide data URLs tickbox, just to the right of the input

If anything is listed below that box, you are loading third-party content. See the example from our site below.



What Should I Do?

For some things, e.g. Google Fonts, it’s possible for us to copy them to your site, so you’re no longer passing any data to Google.

For things like Google Analytics, Maps, reCaptcha, YouTube and Vimeo content, which can’t easily be hosted locally, you should really be asking for explicit consent before anything is loaded from those providers. It’s worth noting that visitors who decline will affect the number of site visitors recorded by Google Analytics.
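The Network-tab check from "How Can I Check My Site?" can also be scripted. The following is an added example, not Duo's code: the function name `thirdPartyHosts`, the `www.example.test` site and the sample URLs are constructed for illustration, and the Google Fonts hostnames are the provider's public ones.

```javascript
// Hosts that serve Google Fonts; the article says these files can be copied locally.
const SELF_HOSTABLE = ['fonts.googleapis.com', 'fonts.gstatic.com'];

// Group request URLs by host, keeping only hosts other than siteHost.
// Mirrors the DevTools filter: exact domain match, inverted, data: URLs hidden.
function thirdPartyHosts(urls, siteHost) {
  const own = siteHost.toLowerCase();
  const hosts = new Map();
  for (const raw of urls) {
    let url;
    try {
      url = new URL(raw);
    } catch {
      continue; // not an absolute URL, so it cannot name another host
    }
    // Skip data:, blob: and other non-network schemes.
    if (url.protocol !== 'http:' && url.protocol !== 'https:') continue;
    if (url.hostname === own) continue;
    hosts.set(url.hostname, (hosts.get(url.hostname) || 0) + 1);
  }
  return [...hosts.entries()]
    .map(([host, requests]) => ({
      host,
      requests,
      action: SELF_HOSTABLE.includes(host) ? 'self-host' : 'ask for consent first',
    }))
    .sort((a, b) => (a.host < b.host ? -1 : 1));
}

// Constructed sample: URLs a page might request (not a real capture).
const sampleUrls = [
  'https://www.example.test/css/site.css',
  'https://www.example.test/img/logo.png',
  'data:image/png;base64,iVBORw0KGgo=',
  'https://fonts.googleapis.com/css2?family=Roboto',
  'https://fonts.gstatic.com/s/roboto/v30/font.woff2',
  'https://fonts.gstatic.com/s/roboto/v30/font-bold.woff2',
  'https://www.google-analytics.com/analytics.js',
  'https://www.youtube.com/embed/VIDEO_ID',
];

console.table(thirdPartyHosts(sampleUrls, 'www.example.test'));

// In a browser console on your own page:
// console.table(thirdPartyHosts(
//   performance.getEntriesByType('resource').map(e => e.name), location.hostname));
```

The browser's resource list only covers requests recorded since the page loaded, so the Network tab after a full reload remains the more complete view.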

How Can Duo Help?

We have updated our standard cookie consent banner to allow us to block third party code until users opt in.

We have updated the latest version of DuoCMS8 to make it possible for us to replace the embedded content with placeholders, so users who have opted out of the consent banner can still access the content by linking through to the various services. E.g. YouTube video embeds get replaced with a locally hosted image of the video, which, once clicked, opens it on the YouTube website.

If you’re on DuoCMS7, we plan to retrospectively add similar tools to that version of the CMS. As earlier versions of the CMS are no longer supported, we suggest discussing a CMS upgrade.

Update

We have now updated DuoCMS7 to allow us to update the cookie banner and filter out embedded content. If you are one of our DuoCMS7 customers, please contact us if you would like to proceed with this.

Contact us via our web form or on 0161 883 1856
