The CNIL fines Discord 800,000 euros

Discord does not escape the penalty, but makes amends: The National Commission for Computing and Liberties (CNIL) announced on Thursday November 17 that it had imposed a fine of 800,000 euros on the messaging and voice-over tool IP. In its press release, the CNIL explains that it has identified several breaches of the obligations imposed by the General Data Protection Regulation (GDPR) and has therefore decided to fine the American company that publishes the Discord application.

Among the confirmed complaints, the CNIL says it found that the company has not deleted the accounts of its inactive users and does not have a clear policy on the retention of user data. The examination of the committee thus showed that “2,474,000 French user accounts that have not used their account for more than three years and 58,000 accounts that have not been used for more than five years”, i.e. so much data stored by Discord without specifying a delete date. However, the GDPR sets out in its principles that personal data collected by a service may be retained “for a period not exceeding that necessary for the purposes for which they are processed”.

Following the same logic, the CNIL also criticizes the messaging application for not informing users of the same data retention periods. However, Discord has held itself accountable throughout the process and now has a written data retention policy and automatic account deletion after two years of inactivity.

Also read: Article reserved for our subscribers Clearview AI: “By reading the CNIL’s explanatory memorandum, we measure the legal uncertainty that weighs on our personal data”

An application that stays open without warning

In addition to the question of retention, the CNIL also found that Discord has breached its data protection obligation. Point of contention: the application’s behavior when a user clicks the button “x” at the top right of the screen. In the vast majority of Windows applications, if clicking this button closes the application, this is not the case with Discord, which simply minimizes the window in the background without warning the user that the application is still working, what “may cause users to be heard by other members present in the voice channel when they thought they had left”, notes the CNIL. Discord has also corrected this behavior by adding a pop-up warning the user that the microphone is still active.

The CNIL also considered that Discord’s requirements to create a password were not sufficient to secure access to the account and that the application had not carried out an impact analysis in terms of privacy. Two points Discord corrected by increasing the security of passwords and conducting two impact analyzes concluding that data processing by Discord “is not expected to pose a high risk to individual rights and freedoms”reports the CNIL.

Discord is an American platform that offers a messaging tool linked to language rooms. Mainly used in the world of online video games, the tool launched in 2015 is increasingly used by internet communities for sharing. The number of accounts registered in the application in 2021 was estimated at more than 300 million, largely due to the lockdown, representing 140 million active users on the platform.

Also read: Article reserved for our subscribers At school, national education tries to limit the influence of Gafam

The world

Leave a Reply

Your email address will not be published. Required fields are marked *