This came up on Hacker News yesterday and it seems relevant to the discussion here: GDPR penalty for passing on of IP address to Google by using Google Fonts | Hacker News
(I don't read German so this is based on comments on HN) A company has been fined for GDPR violation because it used Google fonts on its website and it caused client's browsers send a GET request to Google servers thus leaking IP addresses.