It really depends. If the website links to a URL that is the same for everyone on every website which uses that font, then without a referrer header (which is up to the browser to send) there is not much tracking info.
But if the website uses a URL that is unique for that site, or even for each user, that is absolutely something I'd hold the website owner responsible for.
Of course. Good point. If an individualized URL would be used, it would be another story.
Though I don’t think that Google Fonts URLs contain individualized parameters by default that disclose either the user’s IP address or the site visited. The ruling also does not mention that this is what happened here. All the site user did, from what I can see, is embed a Google Font.
Had the site owner put an automatic JavaScript redirect to Google on his page, he’d be just as liable, according to the logic of this ruling.
But if the website uses a URL that is unique for that site, or even for each user, that is absolutely something I'd hold the website owner responsible for.