I think this decision isn't helpful or beneficial - like many other decisions, rules, and provisions related to GDPR (the fundamental idea of which is good, it's just that the implementation and execution is ... less so).<p>Decisions like that will only lead to more people and businesses hosting everything themselves when they probably shouldn't. With font files there's probably little that can happen in case one hosts those oneself.<p>However, for other aspects such as not being allowed anymore to use any third-party service with any connection to the US whatsoever, it's not quite as simple.<p>If everyone now starts hosting everything themselves, we'll end up with less secure systems, worse security, and less user privacy, because most people and most businesses won't be able to maintain the same security standards as companies like Google. For many services, there simply is no EU-based alternative without any affiliation to US-based companies.<p>Even if there is, the question remains if those are able to provide the same level of security. Unfortunately, there's this widespread fallacy that a service or provider automatically is "safe" simply by virtue of being EU-based.<p>Long story short, it is what it is. Not complying with this decision puts you at risk. If that risk is easily mitigated by loading files from your local server instead of a CDN, there's no reason not to do it.<p>As for services such as Disqus it's more complicated, though. Disqus isn't exactly known for being particularly privacy-friendly. So, apart from the hosting question, it might be a good idea to look for alternatives anyway.<p>Blogging software products such as WordPress often provide a comment feature out-of-the-box. So, why use a third-party service for that in the first place?