The French data privacy authority (DPA) announced that it will fine Discord, Inc. 800,000 euros under the General Data Protection Regulation (GDPR). Discord is a social messaging platform popular with gamers, technology enthusiasts, and the LGBTQ+ community.
The alleged GDPR breaches include failure to establish a written information security policy and data retention schedule, failure to require secure account passwords, and failure to conduct regular data protection assessments. The regulators specifically called out the Discord app’s unusual practice of staying active in the background, keeping the user active on voice chat after the user has clicked the “close” button.
The DPA noted in its findings that Discord cooperated with its investigation and has taken steps to remediate the alleged violations.