The CNIL, the French data protection body, imposed a fine of 800,000 euros on Discord, about R$ 4.4 million in direct conversion, after identifying that the platform is not complying with the guidelines that determine how data from users users must be handled by the developer.
According to an investigation by the authorities, the app is not complying with the General Data Protection Regulation (GPDR), a law equivalent to the LGPD in Europe, committing some faults regarding user privacy and application security regarding login and account storage.
In a statement (read), the entity reinforces the lack of an alert about the microphone being turned on in group calls while the app runs in the background. In addition, the CNIL points out vulnerabilities in the password format required to create accounts on the social network, considering the amount and type of characters insufficient to protect the account.
In parallel to this, the report says that Discord has a total of 2,474,000 French user accounts in the Discord database that had not been used for over three years and 58,000 accounts that had not been used for over five years, failing to respect the data retention period — the issue has been resolved under GPDR obligation.
After the privacy specialists took notes, Discord began to correct the problems reported by the CNIL in order to comply with French legislation. Although most of the penalties have been resolved, the fine of 800,000 euros prevails and the company must pay it to continue offering its services in the country.
In addition to Discord, Meta was also recently fined by the Irish regulatory body for a major leak of Facebook user data between the years 2018 and 2019.