Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#46492] - accessibility plugin and GDPR

No Code Attached Yet
avatar pklinke
pklinke
25 Nov 2025

An option in the settings is to use Google font material icons, loaded per JavaScript.

This is not GDPR-compliant and dangerous for someone who does not know.

Loading font can not be blocked/managed by tools because of JavaScript loading.

avatar pklinke pklinke - open - 25 Nov 2025
avatar joomla-cms-bot joomla-cms-bot - change - 25 Nov 2025
Labels Added: No Code Attached Yet a11y
avatar joomla-cms-bot joomla-cms-bot - labeled - 25 Nov 2025
avatar teoberi
teoberi - comment - 25 Nov 2025

The problem is known and has been raised before but it still doesn't have a solution!
#45271 (comment)

avatar brianteeman
brianteeman - comment - 25 Nov 2025

How is it dangerous? Plus it is not gdpr non-compliant in most EU countries which do not accept loading a google font as a GDPR issue

avatar pklinke
pklinke - comment - 25 Nov 2025

How is it dangerous? Plus it is not gdpr non-compliant in most EU countries which do not accept loading a google font as a GDPR issue

It's "dangerous" insofar as you can receive a cease-and-desist letter in Germany for using Google Fonts! There have already been large waves of such letters here. Can be expansive!

fyi: (in German language):
https://www.datenschutz.org/google-fonts-dsgvo/#:~:text=Die%20Nutzung%20von%20Google%20Fonts%20ohne%20Einwilligung%20der%20User%20verst%C3%B6%C3%9Ft,3%20O%2017493%2F20).

avatar ahotzler
ahotzler - comment - 25 Nov 2025

As a resident of a country where the GDPR applies—which I consider to be a good thing—I can understand the issue.

Regardless of the GDPR, loading external resources makes us dependent on them, and reloading the code allows the provider to track the user.

Ideas I have on this:

  • In the plugin, under the “Google Material Font” option, indicate that it is reloaded externally.

  • Store the font locally, as with Roboto – if this is compatible with the font's terms of use.

avatar richard67
richard67 - comment - 25 Nov 2025

Then switch off the option to use the fonts. What's the problem?

I would be a problem if there was no way to switch it off.

avatar richard67 richard67 - change - 25 Nov 2025
Labels Removed: a11y
avatar richard67 richard67 - unlabeled - 25 Nov 2025
avatar richard67
richard67 - comment - 25 Nov 2025

P.S.: The issue is not an accessibility issue, so I've removed the a11y label.

avatar ahotzler
ahotzler - comment - 25 Nov 2025

The problem is that switching to Google Material Font not only changes the display, but also activates a behavior (loading external data sources) that causes privacy issues for users.

avatar richard67
richard67 - comment - 25 Nov 2025

As fas as I know, the frontend user cannot select that option, it can only be configured in the backend in the plugin options.

And a backend user should know what it means to switch on Google material fonts.

And they can decide to switch it off, then the icons are used and all is good.

avatar richard67
richard67 - comment - 25 Nov 2025

The only thing I would do here is to add a hint in the plugin options, telling that the fonts are loaded from Google and that this might be against regulations in some countries, similar to what we have in the fonts scheme option in the Cassiopeia template style options:

Loading fonts from external sources might be against privacy regulations in some countries.

avatar ahotzler
ahotzler - comment - 25 Nov 2025

I think that's a good suggestion.

avatar teoberi
teoberi - comment - 26 Nov 2025

Maybe the problem with changing the icon could be solved.

Add a Comment

Login with GitHub to post a comment