Hello,
I have just inquired and indeed it is quite crazy what Google recovers as data without the consent of the user.
Clearly there are not several solutions:
Use system default fonts
Finally, the easiest solution you can fall back to is to just use the default system fonts. These fonts are already stored locally in your CMS servers, so your visitors will no longer have to log in with Google.
Admittedly, the obvious downside is the lack of creative freedom with fonts and limited choices.
Can you use Google Fonts and be GDPR compliant?
Yes, you can use Google Fonts and be GDPR compliant. The only time Google Fonts violates GDPR terms is when visitors have to send Google their IP address to request Google Fonts files.
If you can sternly force your visitor to expose their IP address to Google, you can continue to use Google Fonts on your website. To break the connection between Google and your visitor, you can either host Google Fonts locally on your own website or revert to using the default system fonts.
I think if Wix isn’t responding they need to work on it. Imagine that a decision like this has serious consequences for a full SAAS publisher who manages 300 million members.
So I hope that between Google Analytics and now the storage of Google Font fonts the legal team must have some work to do !
Maybe the Privacy Team ( @karenc ) of Wix will respond ASAP… or @eduardog maybe will help ? 