The messaging service is sanctioned under several breaches of the obligations imposed by the GDPR. The National Commission for Data Protection Nevertheless recalls the efforts made by the Company to put itself in order.
Le Monde
Discord does not escape the sanction, but is a fine honorable: the National Commission for Data Protection (CNIL) announced Thursday, November 17, having imposed a sanction of 800,000 euros to the messaging and voice tool on IP. In its press release, the CNIL explains that it has noted several breaches of the obligations imposed by the General Data Protection Regulation (GDPR) and having chosen to inflict a fine of the American company editor of the Discord application. >
Among the grievances selected, the CNIL says it has noted that the company did not delete the accounts of its inactive users and did not have a clear policy on the conservation of user data. The committee’s examination has thus revealed “2,474,000 French user accounts that have not used their account for over three years and 58,000 accounts not used for more than five years”, or all data kept by Discord Without a deletion date to be indicated. However, the GDPR specifies in its principles that the personal data collected by a service can be preserved “for a period not exceeding that necessary in view of the purposes for which they are treated”.
According to this same logic, the CNIL also criticizes the mail application for a lack of information from users concerning these same data storage times. Discord has nevertheless complied during the procedure and now has a written policy of data shelf life and provides for an automatic deletion of accounts after two years of inactivity.
an application which remains open without warning
In addition to the question of conservation, the CNIL also considered that Discord lacked its data protection obligation. In question: the behavior of the application when a user clicks on the “X” button at the top right of the screen. If, in the vast majority of Windows applications, click on this button closes the application, this is not the case for Discord, which is content to minimize the window in the background, without warning the user that the application Always works, which “can lead to users are heard by other members present in the vocal living room, when they thought they had left it,” notes the CNIL. This behavior has also been corrected by Discord by adding a pop-up window warning the user that the microphone is still active.
The CNIL also estimated that the discord requirements for the creation of a password were insufficient to secure access to the account, and that the application had not carried out an impact analysis relating to data protection. Two points that Discord has corrected by enhancing password safety and by carrying out two impact analyzes, which concluded that the processing of data operated by Discord “is not likely to generate a high risk for rights and freedoms of people, “reports the Cnil.
Discord is an American platform offering a messaging tool coupled with vocal fairs. Mainly used in the world of online video games, the tool launched in 2015 is increasingly used by Internet communities to exchange. Widely carried by the containment period, the number of accounts recorded on the application in 2021 was estimated at more than 300 million, for 140 million active users on the platform.