JSDeliver apparently hired a law firm to specifically advise on their situation and apparently the conclusion was it is still safe to use. More detail: <a href="https://www.jsdelivr.com/blog/how-the-german-courts-ruling-on-google-fonts-affects-jsdelivr-and-why-it-is-safe-to-use/" rel="nofollow">https://www.jsdelivr.com/blog/how-the-german-courts-ruling-o...</a><p>Additional edit. If jsdelivr is illegal in Germany, it’s going to come as quite a surprise to many prominent sites: <a href="https://trends.builtwith.com/websitelist/jsDelivr/Germany" rel="nofollow">https://trends.builtwith.com/websitelist/jsDelivr/Germany</a><p>I know nothing more than I’ve found with a few minutes of web searching, but what I have found makes me skeptical of the OPs conclusions.
The GDPR laws have brought so much complexity. I'm currently navigating this for my current EU startup.<p>Don't get me wrong, I'm all for privacy, I agree these laws are needed and that privacy is a fundamental human right.<p>But there are so many nuances and technicalities. The GDPR is clearly making things more difficult for small companies that cannot afford a team of lawyers.<p>GDPR is also putting EU companies at a disadvantage vs companies from the US. I'm aware GDPR laws apply to any company from any country handling personal data from EU citizens... but realistically the EU will probably not chase down small companies from other countries.
Why wouldn't a "agreement" already be in place by the mere fact that those URLs are open to the entire world on purpose? Why can't EU citizens decide they WANT to contact google to download fonts? Banning that automatically doesn't sound very freedom-like.<p>> There is no legitimate interest for using CDNs when the assets could be self-hosted instead.<p>I disagree with this because there are several reasons not to host it yourself, especially when you do not have the network/computing capacity to serve your users all of the content by yourself.<p>And what about loading resources from other third parties that <i>aren't</i> CDNs? Or just accessing any non-EU site in general. Is that now illegal too? It makes no sense to me. This seems wide open for massive abuse.
Betteridge's law apparently fails... according to this non-lawer, at least.<p>In any case, I'm not a fan of free CDNs- they're an extra point of failure, and if you're not using subresource integrity with them, you're just asking for trouble.