top of page

Discord was fined $830k for GDPR infractions

The French data protection authorities fined Discord 800,000 euros (about $829,000) for several violations of the General Data Protection Regulation (GDPR) concerning the protection of user data. Discord is a popular communication service mostly used by the video game community.

Thursday, the CNIL announced the fine following an examination into the U.S. company's GDPR compliance. The investigation identified a number of noncompliances with data privacy law standards. The CNIL observed that Discord resolved each shortcoming.

“The amount of the fine was decided regarding the breaches identified, the number of people concerned, but also taking into account the efforts made by the company throughout the procedure to reach compliance and the fact that its business model is not based on the exploitation of personal data,” the regulator said.

The specifics: The alleged GDPR infractions primarily involved data retention periods and data security. For instance, the CNIL reported discovering over 2,4 million French user profiles in Discord's database that had not been used in at least three years. According to the authority, the company, which lacked a defined data retention policy, has changed its procedures and now deletes inactive accounts after two years.

Additionally, the corporation was criticised for failing to conduct a data protection impact assessment because it deemed it unnecessary. The CNIL disagreed, citing Discord's popularity among minors, and the business conducted two impact evaluations relating to its primary services.

Inadequate password management and a problem in which users believed they had left a voice conversation but were still audible to other participants were also reported. Discord has increased its minimum password requirements and added a pop-up window to alert users when the application is still operating after they have left a session.

Discord response: “Discord was created to be a place where people can come together and find belonging. Respecting user data and privacy is core to that mission,” said a company spokesperson. “We appreciate the opportunity to engage with CNIL as protecting user privacy is very important to us.

“The report is based on product features and practices from 2020 that have since been updated. We’re committed to working with regulators around the world, and we continuously update ou



bottom of page