PERSONAL DATA BREACH ON THE INTERNET: A CASE STUDY ON GOOGLE FONT

Yıl 2024, Cilt: 6 Sayı: 2, 549 - 570, 30.12.2024

Kazım Ateş , Ersin Çağlar

https://doi.org/10.55009/bilisimhukukudergisi.1510104

Öz

Web pages have maintained their popularity from the moment the internet entered our lives becoming a social media catalogue for every sector. Websites facilitated and accelerated many processes such as reaching target audiences, advertising, or sales. Thus, the presence of every sector in the social environment was ensured. With the development of information technology, design opportunities have also developed and the visuality and attractiveness of web pages have gradually increased. Video and text effects are at the top of the design possibilities. Apart from the attractive possibilities of these developing design possibilities, they have also been used for malicious purposes such as stealing or damaging information. This study addresses how the use of Google Fonts conflicts with the European Union's General Data Protection Regulation (GDPR) and the ways to solve this problem. The GDPR has introduced strict rules on the protection and processing of personal data. However, Google Fonts, which is widely used by web developers and designers, sends users' IP addresses to Google's servers without explicitly stating how this data is processed. This is contrary to the GDPR principles of transparency and data minimization. This article elaborates on the privacy implications of using Google Fonts as well as the GDPR violations. As a solution, this study introduces alternatives such as local font hosting, open-source font libraries, and associated best practices. It also emphasizes the significance of the adoption of privacy-oriented design principles by web developers and designers and discusses the potential of these approaches to achieve GDPR compliance. In terms of theoretical and practical perspective, this study aims to provide a roadmap for harmonizing the use of Google Fonts and similar services with applicable privacy-related legislation.

Anahtar Kelimeler

Personal data breach, google fonts, GDPR, web pages, information systems

İnternette Kişisel Veri İhlalleri: Google Font Üzerine Bir Örnek Çalışma

Öz

Web sayfaları internetin hayatımıza girdiği andan itibaren popülaritesini korumuştur. Çünkü tartışmasız her sektörün sosyal medyada kataloğu olmuştur. Web sayfaları ile, hedef kitlelere ulaşma, reklam veya satış yapma gibi işlemler çok kolay ve hızlı olmuştur. Böylece her sektörün sosyal ortamda varlığı sağlanmış oldu. Bilişim teknolojisinin gelişmesiyle beraber tasarım imkanları da gelişerek web sayfalarının görselliği ve çekiciliği giderek artmıştır. Tasarım imkanlarının başında video ve yazı efektleri gelmektedir. Bu gelişen tasarım olanaklarının çekici imkanları dışında bilgileri çalma veya zarar verme gibi kötü niyette de kullanılmıştır. Bu çalışma, Google Fonts kullanımının Avrupa Birliği'nin Genel Veri Koruma Tüzüğü (GDPR) ile nasıl çatıştığını ve bu sorunun çözüm yollarını ele almaktadır. GDPR, bireylerin kişisel verilerinin korunması ve işlenmesi konusunda katı kurallar getirmiştir. Ancak, web geliştiricileri ve tasarımcıları tarafından yaygın olarak kullanılan Google Fonts, kullanıcıların IP adreslerini Google'ın sunucularına gönderirken, bu verilerin işlenme şeklini açıkça belirtmemektedir. Bu durum, GDPR'ın şeffaflık ve veri minimizasyonu ilkelerine aykırıdır. Makale, GDPR ihlallerinin yanı sıra, Google Fonts kullanımının gizlilik üzerindeki etkilerini de detaylı bir şekilde inceler. Çözüm olarak, yerel font hostingi, açık kaynaklı font kütüphaneleri gibi alternatifler ve bu yöntemlerin uygulanmasıyla ilgili en iyi pratikler sunulmaktadır. Ayrıca, web geliştiricileri ve tasarımcılarının gizlilik odaklı tasarım ilkelerini benimsemelerinin önemi vurgulanmakta ve bu yaklaşımların GDPR uyumunu sağlama potansiyeli tartışılmaktadır. Bu çalışma hem teorik hem de pratik açıdan, Google Fonts ve benzeri hizmetlerin kullanımının gizlilikle ilgili mevcut mevzuata uyumlu hale getirilmesi için bir yol haritası sunmayı amaçlamaktadır.

Anahtar Kelimeler

Kişisel veri ihlali, google fonts, GDPR, web sayfaları, bilgi sistemleri

Kaynakça

• Bagnato, Alessandra, Paulo Silva, Ala Sarah Alaqra, and Orhan Ermis. 2020. “Workshop on Privacy Challenges in Public and Private Organizations.” In IFIP Advances in Information and Communication Technology, 576 LNCS:82–89. Springer. https://doi.org/10.1007/978-3-030-42504-3_6.
• Bergh, Daan van den. 2022. “Google Fonts Violates GDPR, German Court Rules. - Daan.Dev.” February 1, 2022. https://daan.dev/blog/gdpr/google-fonts-violates-gdpr-germany/.
• Bigelow, Charles. 2020. “The Font Wars, Part 1.” IEEE Annals of the History of Computing 42 (1): 7–24. https://doi.org/10.1109/MAHC.2020.2971202.
• Claburn, Thomas. 2022. “Website Fined by German Court for Leaking Visitor’s IP Address via Google Fonts.” January 31, 2022. https://www.theregister.com/2022/01/31/website_fine_google_fonts_gdpr/.
• Cooper, Elena. 2018. Art and Modern Copyright. Cambridge University Press. https://doi.org/10.1017/9781316840993.
• Ferjaoui, Syrine. 2020. “Data: The New Form of Wealth and Power.” IEEE Potentials 39 (6): 6–10. https://doi.org/10.1109/MPOT.2020.3016359.
• Ghafarian, Ahmad, and Deniz Keskin. 2022. “Using Memory Forensics to Investigate Security and Privacy of Facebook.” In , 581–601. https://doi.org/10.1007/978-3-031-10467-1_35.
• Gore, Jessica. 2020. “A Type of Theft.” Available at SSRN 3792393, December.
• Güven, Koray. 2021. “Unities of Art: Reconciling Function and Copyright.” IIC International Review of Intellectual Property and Competition Law 52 (9): 1161–89. https://doi.org/10.1007/s40319-021-01117-y.
• Hartini, Sri, and Rudi Hartono. 2023. “Civil Legal Protection Against Misuse of Free License of Copyright Works For Font Designs Provided For Personal Use.” Journal of Law and Sustainable Development 11 (12): e2008. https://doi.org/10.55908/sdgs.v11i12.2008.
• Hoofnagle, Chris Jay, Bart van der Sloot, and Frederik Zuiderveen Borgesius. 2019. “The European Union General Data Protection Regulation: What It Is and What It Means.” Information and Communications Technology Law 28 (1): 65–98. https://doi.org/10.1080/13600834.2019.1573501.
• Johnson, Garrett A., Scott K. Shriver, and Samuel G. Goldberg. 2023. “Privacy and Market Concentration: Intended and Unintended Consequences of the GDPR.” Management Science 69 (10): 5695–5721. https://doi.org/10.1287/mnsc.2023.4709.
• Kanub, Juri, and Jens Eckhardt. 2023. “The Year of ‘Google Fonts’ Warning Letters | International Network of Privacy Law Professionals.” March 1, 2023. https://inplp.com/latest-news/article/the-year-of-google-fonts-warning-letters/.
• Knetsch, Jonas. 2022. “The Compensation of Non-Pecuniary Loss in GDPR Infringement Cases.” Journal of European Tort Law 13 (2): 132–53. https://doi.org/10.1515/jetl-2022-0008.
• Kurtz, Christian, Martin Semmann, and Tilo Böhmann. 2018. “Privacy by Design to Comply with GDPR Privacy by Design to Comply with GDPR: A Review on Third-Party Data Processors Completed Research.”
• Lakshmanan, Ravie. 2022. “German Court Rules Websites Embedding Google Fonts Violates GDPR.”
• Lipton, Jacqueline D, William Berkson, and Mr Ulrich Stiehl. 2009. “To © or Not to @? Copyright and Innovation in the Digital Typeface Industry.”
• Lodigkeit, Klaus. 2006. Intellectual Property Rights in Computer Programs in the USA And Germany. Peter Lang Publishing.
• McGAHN II, Donald F. 1995. “Copyright Infringement of Protected Computer Software: An Analytical Method to Determine Substantial Similarity’ (1995) 21(1) Rutgers Computer & Technology Law.” Rutgers Computer & Technology Law Journal. Vol. 21. https://heinonline.org/HOL/License.
• Mottaeva, Angela, and Bibigul Issayeva. 2023. “Features of Using Modern Information Technologies in Management Activities.” In E3S Web of Conferences. Vol. 381. EDP Sciences. https://doi.org/10.1051/e3sconf/202338102010.
• Mueller, Tobias, Daniel Klotzsche, Dominik Herrmann, and Hannes Federrath. 2019. “Dangers and Prevalence of Unprotected Web Fonts.” https://github.com/muelli/SansFingerprintSans.
• Perzanowski, Aaron. 2018. “The Limits of Copyright Office Expertise.” 734 BERKELEY TECHNOLOGY LAW JOURNAL 33:733. https://doi.org/10.15779/Z38348GG7J.
• Samarati, Pierangela., and Sabrina De Capitani di. Vimercati. 2010. “Data Protection in Outsourcing Scenarios: Issues and Directions.” Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security : 2010, Beijing, China, April 13-16, 2010, 363.
• Scott, Ikeda. 2022. “Leak of IP Address Via Google Fonts Prompts GDPR Fine - CPO Magazine.” February 15, 2022.
• https://www.cpomagazine.com/data-protection/leak-of-ip-address-via-google-fonts-prompts-gdpr-fine/.
• Stach, Christoph. 2023. “Data Is the New Oil–Sort of: A View on Why This Comparison Is Misleading and Its Implications for Modern Data Administration.” Future Internet 15 (2). https://doi.org/10.3390/fi15020071.
• “Verletzung Des Persönlichkeitsrechts Durch Datenschutzverstoß.” 2022. https://www.gesetze-bayern.de/Content/Document/Y-300-Z-GRURRS-B-2022-N-612?hl=true.