Usage of Google Fonts in websites violates GDPR
A court in Munich, Germany stated in the beginning of 2022 that the usage of Google Fonts violates GPDR (General Data Protection Regulation).
This means that if one of the following applies to your organization you should not load fonts from Google as otherwise your visitor’s IP-address is sent to google when requesting the resource:
Has an establishment in the European Union;
Offers goods or services to residents of the European Union (regardless of the business⿿ actual location); or
Tracks the behavior of European Union residents through technologies such as cookies, pixels, analytics, CCTV, etc. (regardless of the business⿿ actual location).
There have already been reported injunction letters sent out by lawers or private people to website owners.
So you should make sure to ask your users for consent before loading the font or better load it locally (from your own server). Please keep in mind that loading files locally could result in higher server load or longer page load times.
For more information see eg. the following links: