Recently we've heard from German users that they were threatened by law firms because of the Google Fonts used on their sites.
Allegedly those firms use bots to collect sites that use Google Fonts. This way they are able to find even small sites visited by only a handful of people (perhaps relatives only), not posing any risk to their visitors' privacy. At first, I thought these firms were some kind of mafia, masquerading as legal businesses, but they turned out to be real law firms. I believe if they were "bona fide" actors, they would not have threatened website owners with a lawsuit right away - perhaps they could have called their attention to the problem first.
In January 2022 a German court fined a website €100 for leaking its visitors' IP addresses via Google Fonts without their consent. Here's an article on the matter. So far nobody has paid attention to IP addresses, which normally tell a website where to send the requested content back. This is how the internet has worked for the past 30 years. For most home users these IP addresses are dynamic, i.e. they change day by day, and only the internet service provider can tell who had a particular IP address at a given time. Those who were afraid their IPs were revealed were, I believe, already using anonymizers like VPNs or secure browsers (Tor).
Now, this court has decided it's the website that's responsible for hiding the user's IP from a service, even though the website itself doesn't even know if the user has an IP address at all. It is the browser that sends it to Google Fonts, and for the majority that browser is Google Chrome, by the way. We also use Google Search, Google Drive, Android, and hundreds of services a day that reveal our IPs to Google. As the saying goes: "Google knows you better than you know yourself". You can't stop Google from spying on you with a consent dialog.
Can you imagine how many dialogs you would have to "OK" if the dream of the inventors of the GDPR comes true? Thousands a day. Site visitors already treat these popups as a pure annoyance, and click them away without a thought. What do they expect when a visitor is presented with the choice of revealing their IP or not? Will they not visit a site because of this? Most people have no idea what an IP is, anyway. How do we expect them to make an educated decision?
Wouldn't it be a better approach if such preferences were managed by the browser? It's easier to ask once if a user trusts Google Fonts than on every website.
It's a lawyer's world. I remember I had a car in which I had to accept a contract every time I got in, promising that I would not be distracted by the entertainment system. I had to do this while driving most of the time. What if I sued the lawmakers for distracting me from driving? ;-)
In the case of heavy-weight data-harvesting services like Google Analytics or Facebook, it's easy to ask the visitor, and avoid loading them if they refuse it. However, with Google Fonts or jQuery "the damage is already done" when the consent dialog pops up, so there's no way of handling it nicely. You either refrain completely from using those services or you "violate the law".
What can you do to avoid "lawyers"?
First off, turn on "Avoid using Content Delivery Networks" under the Settings / SkinName / Advanced panel, provided the skin offers this option. A Content Delivery Network is a third-party service that makes it quicker to load some external libraries. Even though the current wave of blackmail does not mention this, it might be their next target, I'm afraid.
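
To confirm the setting took effect, you can list every host a generated page makes the browser contact on its own. This is an added example, not code from the original post or from the album software; the function names, the `example.org` host and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Matches @import "x", @import url(x) and url(x) inside CSS.
CSS_URL = re.compile(r"""(?:@import\s+(?!url\()|url\()\s*['"]?([^'")\s;]+)""", re.I)

class AutoLoaded(HTMLParser):
    """Collect URLs the browser fetches on its own while rendering a page."""
    def __init__(self):
        super().__init__()
        self.urls, self.in_style = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and a.get("href"):
            self.urls.append(a["href"])          # stylesheet, preconnect, preload
        elif tag in ("script", "img", "iframe") and a.get("src"):
            self.urls.append(a["src"])
        if a.get("style"):                       # inline style="...url(...)"
            self.urls += CSS_URL.findall(a["style"])
        self.in_style = tag == "style"

    def handle_endtag(self, tag):
        self.in_style = self.in_style and tag != "style"

    def handle_data(self, data):
        if self.in_style:                        # contents of a <style> block
            self.urls += CSS_URL.findall(data)

def third_party_requests(html, own_host):
    """Map each foreign host to the URLs that make the browser contact it."""
    parser = AutoLoaded()
    parser.feed(html)
    found = {}
    for url in parser.urls:
        host = urlparse(url).hostname            # None for relative and data: URLs
        if host and host != own_host:
            found.setdefault(host, []).append(url)
    return found

# Constructed sample page, not taken from any real site.
SAMPLE = """<link rel="stylesheet" href="res/skin.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Roboto">
<style>@import url('//fonts.googleapis.com/css?family=Lato'); body{background:url(res/bg.png)}</style>
<script src="https://code.jquery.com/jquery.min.js"></script>
<img src="https://example.org/thumbs/1.jpg">"""

if __name__ == "__main__":
    print(third_party_requests(SAMPLE, "example.org"))
```

An empty result means the page loads everything from your own host. The check only sees the HTML and inline CSS it is given, so external stylesheets and scripts that pull in further resources have to be checked separately.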