Using Google fonts in a theme violates GDPR, fingerprinting information is provided to Google when requesting the fonts.
The Google Fonts API logs the details of the HTTP request, which includes the timestamp, requested URL, and all HTTP headers (including referrer and user agent string) provided in connection with the use of our CSS API.
Not good, I use Bunny’s font library instead.
Bunny CDN provides free GDPR-safe web fonts at Bunny Fonts | Explore Faster & GDPR friendly Fonts
They are drop-in, simply swap https://fonts.bunny.net/css
in place of https://fonts.googleapis.com/css
and you’re good.
Also check for any pre-connect in your <head>
<link rel="preconnect" href="https://fonts.gstatic.com/">
and switch to
<link rel="preconnect" href="https://fonts.bunny.net">
Here’s a detailed background on the GDPR situation…