This is a good thing to point people at when they claim that GDPR is simple to implement. This legal interpretation is totally reasonable but it’s probably not what most developers would expect.
The law itself is very clear and concise so it is straightforward to find that this is not only a reasonable interpretation but right there in the law.
Regardless, my point is just that there are implications of the GDPR that a lot of engineers are probably not aware of. It makes sense that sending your traffic to Google for fonts violates GDPR. But as an engineer, this is just a CDN. I would not have considered this a violation of GDPR without seeing someone else point it out.
