The UK has said it will work "all day" to persuade fellow European states to cut Russia off from the international Swift payment system. From a report: The UK defence secretary, Ben Wallace, ended the pretence that Britain was not at odds with its fellow European leaders over the issue. He said there was still time for Russia to be excluded, and the foreign secretary, Liz Truss, said: "The UK is working with allies to exclude Russia from the Swift financial system." Wallace added: "We will work all the magic, do everything we can in diplomacy." Truss is to undertake a round of shuttle diplomacy to try to rally support for the British position after the EU refused to adopt what has been billed as the "nuclear option" of sanctions. The story adds: Swift is incorporated under Belgian law and, although supervised by a complex web of central banks, it was forced in 2012 to comply with an EU regulation, as confirmed by its home country government, that had cut Iran off from the banking system.

With sanctions on Russia ramping up following its invasion of Ukraine, Google's YouTube is under pressure to remove or cut commercial ties with some of its most prolific pro-Russian channels. From a report: The online video giant has a massive reach in Russia and has long been a popular platform for both government critics and state-backed media. But now officials in the U.S., the U.K. and Europe are discussing restrictions that could target groups and people with huge audiences on the platform, creating a dilemma for the Alphabet-owned business. European Union sanctions, for instance, would target Vladimir Solovyov, a TV and radio journalist behind a YouTube channel with more than 1 million subscribers. An EU report issued on Wednesday said that "Solovyov is known for his extremely hostile attitude toward Ukraine and praise of the Russian government." A four-hour video livestream published overnight on his YouTube channel about the Russian military attacks had over 2.7 million views within its first nine hours. That video also ran advertisements, at least for U.S. viewers.

The EU is taking China to the World Trade Organization for alleged patent infringements that are costing companies billions of euros, as part of what officials in Brussels claim is a "power grab" by Beijing [Editor's note: the link may be paywalled; alternative source] to set smartphone technology licensing rates. Financial Times reports: Businesses, including Sweden's Ericsson, Finland's Nokia and Sharp of Japan, have lost money after China's supreme court banned them from protecting their patents by securing licensing deals in foreign courts, the European Commission said. Chinese courts set licence fees at around half the market rate previously agreed between western technology providers and manufacturers such as Oppo, Xiaomi, ZTE and Huawei, it added.

The lower licensing fees set by Beijing deprive smartphone makers and other mobile telecommunications businesses of a crucial source of revenue to reinvest in research and development. "It is part of a global power grab by the Chinese government by legal means," said a European Commission official. "It is a means to push Europe out." Smartphone makers have agreed global standards for telecommunications networks. In return, technology manufacturers must license their patents to others. If they cannot agree on a price, they go to court to set it. Chinese courts generally set prices at half the level of those in the west, meaning their companies pay less for the technology from overseas providers. In August 2020, China's Supreme People's Court decided that Chinese courts can impose "anti-suit injunctions," which forbid a company taking a case to a court outside the country. Those that do are liable for a â147,000 daily fine and the judgments of courts elsewhere are ignored.

A new claim that Microsoft and Google are gaming the online advertising market to the detriment of smaller rivals threatens to set up a new antitrust clash in Europe, according to previously unseen data. Politico: The two U.S. giants appear to be flooding smaller search engine partners with spam ads and keeping some of the most valuable ads for themselves, according to data reviewed by POLITICO, in a move that draws parallels with the infamous $2.7 billion Google Shopping case. While EU competition chief Margrethe Vestager's 2015 offensive against Google's abuses in the search market got the backing of the EU General Court in November, there are some who say that blind spots in the case have allowed for certain violations to continue -- illustrated by Swedish price-comparison site PriceRunner's decision earlier this month to sue Google for $2.4 billion in damages. And now, according to the same data, both Google and its closest rival in the search engine space, Microsoft, are siphoning off so-called spam ads to smaller search engines that use their search results, as well as limiting the quantity of higher-value ads that appear on these partner search engines.

NSO Group's controversial Pegasus spyware should be banned in the European Union, the bloc's in-house privacy watchdog warned on Tuesday. From a report: "The ban on the development and the deployment of spyware with the capability of Pegasus in the EU would be the most effective option to protect our fundamental rights and freedoms," the European Data Protection Supervisor said in a statement on Tuesday. The warning comes amid increasing scrutiny of abuses of surveillance technologies meant to help intelligence and law enforcement agencies fight serious crime and terrorism. While the EU regulator doesn't make decisions for member countries, its influence at the top echelons of the bloc's institutions may encourage other authorities to crack down on surveillance software.

An anonymous reader quotes a report from Ars Technica: France is planning to build up to 14 nuclear reactors in an attempt to shore up the country's aging nuclear fleet while also reducing the country's carbon emissions. And while the first reactors won't open for years, the announcement could serve to undercut Russia's attempts to keep Europe dependent on natural gas. President Emmanuel Macron announced the decision last week, saying that state-backed Electricite de France, also known as EDF, will build six new plants starting in 2028, with the option to build another eight by 2050. EDF estimates that six next-generation pressurized water reactors will cost around $57 billion. The first could be commissioned as early as 2035.

The move is a sharp reversal of Macron's earlier pledge to close several reactors over the next decade or so. National politics almost certainly play a role -- the nuclear power sector in France employs around 220,000 people, according to one estimate. "What our country needs is the rebirth of France's nuclear industry," Macron said at a nuclear turbine factory that EDF had just purchased from GE. "The time has come for a nuclear renaissance," he said. Macron also said that EDF will build a prototype small modular reactor, or SMR, by 2030. SMRs are fission reactors that are designed to be built in a factory and transported to their final destination. They generally produce less than 1 MW of power and are intended to be more economical than traditional reactors, which are constructed on-site. EDF will face stiff competition from numerous companies, from heavyweights like Westinghouse to startups like NuScale and Chinese firms like China Huaneng Group, which are pushing to commercialize SMRs.

France's new plans were announced less than two weeks after the EU announced that nuclear power would be considered "sustainable," a decision that was subject to intense lobbying by the French government. It also comes at a time of heightened tensions with Russia and its president, Vladimir Putin. Russia has flooded the EU with cheap natural gas, leaving the bloc dependent on the country for much of its energy. In 2020, the EU received more than 40 percent of its natural gas from Russia. The Nord Stream 2 pipeline, which could double Russian exports to the region, appears likely to increase the bloc's dependence. Macron's announcement, while possibly coincidental, could signal that France is interested in taking over as Europe's power center.

France president Emmanuel Macron "has announced a 'renaissance' for the French nuclear industry," reports the Guardian, with plans to build at least six new reactors by 2050 and as many as 14, "arguing that it would help end the country's reliance on fossil fuels and make France carbon neutral by 2050...." Atomic energy provides about 70% of French electricity, and low-cost nuclear power has been a mainstay of the French economy since the 1970s, but recent attempts to build new-generation reactors to replace older models have become mired in cost overruns and delays. Presidential candidates on the right have supported more nuclear power plants saying France should have "sovereignty" over its electricity, while detractors on the left have warned of the cost and complexity of building new reactors. Environmentalists have raised safety concerns over radioactive waste that remains deadly for tens of thousands of years.

Macron said French nuclear regulators were "unequalled" in their rigour and professionalism and that the decision to build new nuclear power plants was a "choice of progress, a choice of confidence in science and technology".

He also announced a major acceleration in the development of solar and offshore wind power. He said France had no choice but to rely on renewables and nuclear and that the country would also have to consume significantly less energy in the next decades.

He said he would seek to extend the lives of all existing French nuclear plants where it was safe to do so....

The French government lobbied hard and successfully to get the European Commission to label nuclear power "green" this month in a landmark review which means it can attract funding as a climate-friendly power source.

An anonymous reader quotes a report from TechCrunch: Use of Google Analytics has now been found to breach European Union privacy laws in France -- after a similar decision was reached in Austria last month. The French data protection watchdog, the CNIL, said today that an unnamed local website's use of Google Analytics is non-compliant with the bloc's General Data Protection Regulation (GDPR) -- breaching Article 44 which covers personal data transfers outside the bloc to so-called third countries which are not considered to have essentially equivalent privacy protections. The U.S. fails this critical equivalence test on account of having sweeping surveillance laws which do not provide non-U.S. citizens with any way to know whether their data is being acquired, how it's being used or to seek redress for any misuse.

France's CNIL has been investigating one of 101 complaints filed by European privacy advocacy group, noyb, back in August 2020 -- after the bloc's top court invalidated the EU-U.S. Privacy Shield agreement on data transfers. Since then (indeed, long before) the legality of transatlantic transfers of personal data have been clouded in uncertainty. While it has taken EU regulators some time to act on illegal data transfers -- despite an immediate warning from the European Data Protection Board of no grace period in the wake of the July 2020 CJEU ruling (aka 'Schrems II) -- decisions are now finally starting to flow. Including another by the European Data Protection Supervisor last month, also involving Google Analytics. In France, the CNIL has ordered the website which was the target of one of noyb's complaints to comply with the GDPR -- and "if necessary, to stop using this service under the current conditions" -- giving it a deadline of one month to comply.

"[A]lthough Google has adopted additional measures to regulate data transfers in the context of the Google Analytics functionality, these are not sufficient to exclude the accessibility of this data for U.S. intelligence services," the CNIL writes in a press release announcing the decision. "There is therefore a risk for French website users who use this service and whose data is exported." The CNIL does leave open the door to continued use of Google Analytics -- but only with substantial changes that would ensure only "anonymous statistical data" gets transferred. The French regulator is also very emphatic that under "current conditions" use of Google Analytics is non-compliant -- and may therefore need to cease in order for the site in question to comply with the GDPR. The CNIL also suggests use of an alternative analytics tool which does not involve a transfer outside the EU to end the breach. Additionally, it says it's launched an evaluation program to determine which website audience measurement and analysis services may be exempt from the need to obtain user consent (i.e. because they only produce anonymous statistical data which can be exported legally under GDPR). Which suggests the CNIL could issue guidance in future that recommends GDPR compliant alternatives to Google Analytics.

A European wide 'supergrid' could cut almost a third from energy costs according to a new study from the UCD Energy Institute. TechXplore reports: Evaluating the capabilities of Europe's energy network, the study, commissioned by SuperNode, found that a pan-European transmission system would reduce energy costs by 32 percent compared to the current approach. The 32 percent cost reduction identified is borne primarily from the expansion of European power flows -- derestricting them to allow the location of renewable generation to be optimized, thereby significantly decreasing the total installed capacity. While this scenario proposes an increase in transmission capacity, the costs were found to be insignificant compared to the cost savings in generation investment over the same period.

This study was an extension of work carried out by SuperNod, based on their Energy Scenario for Europe 2050 modeling -- which aims to predict future energy trends across the continent. Its modelling work, validated and extended by the UCD study and facilitated through ConsultUCD, demonstrates the net benefit of large investment into the development of new transmission assets to ensure more efficient utilization of Europe's renewable resources; highlighting bottlenecks where investment is required, such as higher levels of grid storage. [...] Another key finding from the UCD study is that the existing transmission system is not fit for purpose for Europe's energy future. Without accelerated investment in infrastructure, Europe will face challenges with load shedding, generation curtailment and excessively high emissions. The failure to achieve decarbonisation targets will not just undermine international climate efforts but will adversely affect Europe's economies and ability to compete on a global scale, the report notes. The study has been broken into two parts (PDFs).

Markus Reinisch, Vice President of Public Policy Europe at Meta, writing on company's blog: There has been reporting in the press that we are "threatening" to leave Europe because of the uncertainty over EU-US data transfers mechanisms. This is not true. Like all publicly-traded companies, we are legally required to disclose material risks to our investors. Last week, as we have done in our previous four financial quarters, we disclosed that continuing uncertainty over EU-US data transfers mechanisms poses a threat to our ability to serve European consumers and operate our business in Europe. We have absolutely no desire to withdraw from Europe; of course we don't. But the simple reality is that Meta, like many other businesses, organisations and services, relies on data transfers between the EU and the US in order to operate our global services. Further reading: We're Fine Without Facebook, German and French Ministers Say.

According to Reuters, SoftBank's sale of ARM to U.S. chipmaker Nvidia has collapsed. Instead, SoftBank is planning to proceed with an initial public offering (IPO) with ARM CEO Simon Segars expected to resign, handing the job to president Rene Haas. From the report: The deal, announced in 2020, had faced several regulatory hurdles. The U.S. Federal Trade Commission sued to block it in December, arguing that competition in the nascent markets for chips in self-driving cars and a new category of networking chips could be hurt if Nvidia carried out the purchase. The buyout is also under the scrutiny of British and EU regulators amid concerns that it could push up prices and reduce choice and innovation.

The sale would have marked an early exit from Arm for Softbank, which acquired it for $32 billion. Chief Executive Masayoshi Son has lauded the potential of Arm, but is slashing his stakes in major assets to raise cash. The Financial Times was the first to report that Softbank's Arm-Nvidia deal had collapsed. The Japanese investment giant would receive a break-up fee of up to $1.25 billion, FT quoted one of the people as saying.

Nissan is pulling the plug on its internal combustion engine development, except for the United States. Ars Technica reports: According to Nikkei Asia, the Japanese automaker has looked at the likely next set of European emissions rules and has decided it would be too expensive to design a new generation of engines that comply. Nissan is also not planning on any new internal combustion engines for Japan or China, although it will apparently keep refining existing engines and continue to work on hybrid powertrains. However, this new policy isn't a global one -- it doesn't apply to the US. That's because here, the automaker expects continuing demand for internal combustion engines, particularly in pickup trucks. If Nikkei Asia's reporting is correct, Nissan is just making explicit the fact that electrification of light passenger vehicles is going to be much more rapid in regions where governments create strong policy incentives.

Europe's ambitious plans to quadruple processor production are facing problems securing the required $48 billion without disrupting state aid and other existing projects. Apple Insider reports: Following the US Senate's allocating of $52 billion to boost domestic semiconductor production, the European Union is aiming to make similar investment. However, under EU laws, funding is chiefly already committed to projects until 2027. Nonetheless, according to Bloomberg, EU internal market commissioner Thierry Breton, has said that the plans will be "commensurate" with the US. At the same time, Commission President Ursula von der Leyen said the total investment would be $48 billion.

Plans for the EU Chips Act are due to be published on February 8, 2022, but it is already known that it requires investment from both public and private resources. Bloomberg says that $30 billion has been earmarked from public sources, and the remainder will include at least $12 billion from private companies. It's not clear where the rest of the shortfall will come from, but reportedly according to documents seen by Bloomberg, the larger question is over the bulk of the public funding.

The investment allegedly depends on EU countries with already over-stretched budgets. It's also possible that previously allocated funds may be changed, plus there are concerns about the loosening of state aid rules in order to finance the plan. EU plans reportedly say that state aid, "must be necessary, appropriate and proportionate." They go on to say that the EU will monitor state aid use to ensure it doesn't "adversely affect trading conditions."

Google is being sued in Europe on competition grounds by price comparison service PriceRunner which is seeking at least ~$2.4 billion in damages. From a report: The lawsuit accuses Google of continuing to breach a 2017 European Commission antitrust enforcement order against Google Shopping. As well as fining Google what was -- at the time -- a record-breaking antitrust penalty (2.42 billion euro), the EU's competition division ordered the search giant to cease illegal behaviors, after finding it Google giving prominent placement to its own shopping comparison service while simultaneously demoting rivals in organic search results. Immediately following the order, Google made some initial tweaks to how its product search service works -- doubling down on an auction model. But complainants were instantly critical of the changes, arguing they neither remedied the unfairness nor complied with the EU's requirement for equal treatment of price comparison services. The following year, an investigation by Sky News also accused Google of trying to circumvent the EU antitrust ruling by offering incentives to ad agencies to create faux comparison sites filled with ads for their clients' products which Google could display in the Google Shopping box to present the impression of a thriving marketplace for price comparison services.

An anonymous reader shares a report: If Meta is not given the option to transfer, store and process data from its European users on US-based servers, Facebook and Instagram may be shut down across Europe, the social media giants' owner reportedly warned in its annual report. The key issue for Meta is transatlantic data transfers, regulated via the so-called Privacy Shield and other model agreements that Meta uses or used to store data from European users on American servers. The current agreements to enable data transfers are currently under heavy scrutiny in the EU. In its annual report to the U.S. Securities and Exchange Commission, Meta warns that if a new framework is not adopted and the company is no longer allowed to use the current model agreements "or alternatives," the company will "probably" no longer be able to offer many of its "most significant products and services," including Facebook and Instagram, in the EU, according to various media reports, including in iTWire, The Guardian newspaper and Side Line Magazine.

Sharing data between countries and regions is crucial for the provision of its services and targeted advertising, Meta stressed. Therefore, it previously used the transatlantic data transfer framework called Privacy Shield as the legal basis to carry out those data transfers. However, this treaty was annulled by the European Court of Justice in July 2020, because of data protection violations. Since then, the EU and the US did stress they are working on a new or updated version of the treaty.

"Facebook is threatening it will simply pull out of Europe altogether if it is no longer able to share data about European users with its U.S. operations, applications, and data centres," reports ITWire.

It's customary for regulatory filings to preemptively declare a wide variety of possible future hazards, and in that spirit a recently-filed Meta financial statement cites a ruling by the EU's Court of Justice (in July of 2020) voiding a U.S. law called the Privacy Shield (which Meta calls one legal basis for its current dara-transferring practices). Though courts are now determining the ruling's ramifications, ITWire notes that "with the European General Data Protection Regulation (GDPR) well in force, the U.S. Privacy Shield principles were found non-compliant and consequently invalid." So while that ruling affects every American company, including cloud companies like Google, Microsoft, and Amazon, it's Facebook/Meta that "says stopping transatlantic data transfers will have a devastating impact on its targeted online advertisements capabilities."

Read it yourself, in Meta's own words:

"If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on Standard Contractual Clauses [now also subject to new judical scrutiny] or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe, which would materially and adversely affect our business, financial condition, and results of operations."

Of course, the filing also cites other hazards like the possibility of new legislation restricting Facebook's ability to collect data about minors, complaining that such legislation "may also result in limitations on our advertising services or our ability to offer products and services to minors in certain jurisdictions."

And in addition, "We are, and expect to continue to be, the subject of investigations, inquiries, data requests, requests for information, actions, and audits by government authorities and regulators in the United States, Europe, and around the world, particularly in the areas of privacy, data protection, law enforcement, consumer protection, civil rights, content moderation, and competition..."

"Orders issued by, or inquiries or enforcement actions initiated by, government or regulatory authorities could cause us to incur substantial costs, expose us to unanticipated civil and criminal liability or penalties (including substantial monetary remedies), interrupt or require us to change our business practices in a manner materially adverse to our business, result in negative publicity and reputational harm, divert resources and the time and attention of management from our business, or subject us to other structural or behavioral remedies that adversely affect our business."

(Thanks to Slashdot reader juul_advocate for sharing the story!)

"A pre-pandemic policy on airport usage is pressuring airlines to keep 'ghost flights' in the air," Wired reported this week — adding "The climate impact is massive." Lufthansa, Germany's national airline, which is based in Frankfurt, has admitted to running 21,000 empty flights this winter, using its own planes and those of its Belgian subsidiary, Brussels Airlines, in an attempt to keep hold of airport slots. Although anti-air travel campaigners believe ghost flights are a widespread issue that airlines don't publicly disclose, Lufthansa is so far the only airline to go public about its own figures.... Lufthansa's own chief executive, Carsten Spohr [said] the journeys were "empty, unnecessary flights just to secure our landing and takeoff rights." But the company argues that it can't change its approach: Those ghost flights are happening because airlines are required to conduct a certain proportion of their planned flights in order to keep slots at high-trafficked airports.

A Greenpeace analysis indicates that if Lufthansa's practice of operating no-passenger flights were replicated equally across the European aviation sector, it would mean that more than 100,000 "ghost flights" were operating in Europe this year, spitting out carbon dioxide emissions equivalent to 1.4 million gas-guzzling cars. "We're in a climate crisis, and the transport sector has the fastest-growing emissions in the EU," says Greenpeace spokesperson Herwig Schuster. "Pointless, polluting 'ghost flights' are just the tip of the iceberg."

Aviation analysts are split on the scale of the ghost flight problem. Some believe the issue has been overhyped and is likely not more prevalent than the few airlines that have admitted to operating them. Others say there are likely tens of thousands of such flights operating — with their carriers declining to say anything because of the PR blowback.

After a years-long process, data protection officials across the European Union have ruled that Europe's ad tech industry has been operating unlawfully. Engadget reports: The decision, handed down by Belgium's APD (.PDF) and agreed by regulators across the EU, found that the system underpinning the industry violated a number of principles of the General Data Protection Regulations (GDPR). The Irish Council for Civil Liberties has declared victory in its protracted battle against the authority which administers much of the advertising industry on the continent: IAB Europe. At the heart of this story is the use of the Transparency and Consent Framework (TCF), a standardized process to enable publishers to sell ad-space on their websites. This framework, set by IAB Europe, is meant to provide legal cover -- in the form of those consent pop-ups which blight websites -- enabling a silent, digital auction system known-as Real-Time Bidding (RTB). But both the nature of the consent given when you click a pop-up, and the data collected as part of the RTB process have now been deemed to violate the GDPR, which governs privacy rights in the bloc.

The APD has ruled that any and all data collected as part of this Real-Time Bidding process must now be deleted. This could have fairly substantial implications for many big tech companies with their own ad businesses, including Google and Facebook, as well as big data companies. It may also have a large impact on many media platforms and publishers on the continent who will now need to address the fallout from the finding. Regulators have also handed down an initial fine of 250,000 euros to IAB Europe and ordered the body to effectively rebuild the ad-tech framework it currently uses. This includes making the system GDPR compliant (if such a thing is possible) and appoint a dedicated Data Protection Officer. Until now, IAB Europe has maintained that it did not create any personal data, and said in December that it was a standards setter and trade association, rather than a data processor in its own right. IAB Europe says the ruling did not ban the use of Transparency and Consent Frameworks, adding that it's looking to reform the process and "submit the Framework for approval as a GDPR transnational Code of Conduct."

According to Engadget, [I]t may launch a legal challenge to fight the accusation that it is a data controller, a decision it says will "have major unintended negative consequences going well beyond the digital advertising industry."

The EU is taking a "Europe First" approach to technological standardization. From a report: The European Commission on Wednesday presented a plan to bolster its influence in creating global technology standards, as the bloc currently risks falling behind in global standardization organizations, where tech giants, government regulators and experts gather to set rules for how emerging technology works -- everything from the internet to batteries, connected devices and beyond. Faced with the U.S.' market dominance and China's aggressive attempts to rewrite global rules, the EU wants to raise its game. "We need to make sure we're not just a standard-taker. We need to be a standard-setter," said Thierry Breton, the EU's industry commissioner.

The new strategy comes at the start of a bumper year for standard-setting, which often happens out of the public eye, in industry-dominated groups packed with technical experts. Deals struck in organizations like the U.N.'s International Telecommunications Union (ITU) and the International Organization for Standardization (ISO) define how technology is implemented across the world. The ITU's flagship conference is scheduled for September in Budapest, when a new secretary-general will be named. Meanwhile, other international groups are working quickly to set standards for artificial intelligence, green technology and other major sectors, with companies and government officials tussling over which technologies will dominate the digital economy in the coming decade. The EU's plan follows its industrial strategy, released in March 2020, which already showed the bloc wants to set up competing policy initiatives to defend its companies against rivals from China and the U.S. that benefit from large-scale investment and subsidy schemes.

Earlier this month, a German court fined an unidentified website $110 for violating EU privacy law by importing a Google-hosted web font. The Register reports: The decision, by Landgericht Munchen's third civil chamber in Munich, found that the website, by including Google-Fonts-hosted font on its pages, passed the unidentified plaintiff's IP address to Google without authorization and without a legitimate reason for doing so. And that violates Europe's General Data Protection Regulation (GDPR). That is to say, when the plaintiff visited the website, the page made the user's browser fetch a font from Google Fonts to use for some text, and this disclosed the netizen's IP address to the US internet giant. This kind of hot-linking is normal with Google Fonts; the issue here is that the visitor apparently didn't give permission for their IP address to be shared. The website could have avoided this drama by self-hosting the font, if possible.

The decision says IP addresses represent personal data because it's theoretically possible to identify the person associated with an IP address, and that it's irrelevant whether the website or Google has actually done so. The ruling directs the website to stop providing IP addresses to Google and threatens the site operator with a fine of 250,000 euros for each violation, or up to six months in prison, for continued improper use of Google Fonts. Google Fonts is widely deployed -- the Google Fonts API is used by about 50m websites. The API allows websites to style text with Google Fonts stored on remote servers -- Google's or a CDN's -- that get fetched as the page loads. Google Fonts can be self-hosted to avoid running afoul of EU rules and the ruling explicitly cites this possibility to assert that relying on Google-hosted Google Fonts is not defensible under the law.