Sorry but the points are totally valid. If you delete your account your messages are still available with a userid that if someone has it can be traced back to you. They also don't delete files or pictures you uploaded alone for this they should get fined.
Props to the EU for keeping data giants accountable. It is a shame the data protection authorities only have resources to process so many companies, unfortunately, many get away with much more harm to user privacy.
> When a user logged into a voice room closes the DISCORD application window by clicking on the "X" icon at the top right of the window in Microsoft Windows, they actually just put the application in the background and stay logged into the voice room. However, in Microsoft Windows, clicking on the "X" at the top right of the last visible application window will exit the application for the vast majority of applications.<p>Interesting this is considered [Microsoft] Discord's fault and not Microsoft Windows. I quit Discord with Cmd-Q, does Alt-F4 <i>not</i> do the right thing on Windows? The only popular program I know evil enough to override Cmd-Q is Chrome, and I blame Apple for the failing.
Seems insane, many apps keeps running with an icon visible in the notification area when exited like that. Discords icon also shows if you are in a voice channel.
Something worth noting that a lot of comments are ignoring here: while this fine is coming from the EU, these kinds of data protection rules are _everywhere_ now - this is no longer really EU-specific.<p>The reality is that it's not an US companies vs EU data protection law battle - it's US companies vs data protection laws in the comfortable majority of all other developed nations. The EU, UK, Switzerland, Canada, Brazil, Israel, South Korea, Argentina, Japan, New Zealand, Indonesia, Uraguay, etc, all have substantial data protection legislation. The EU has an published list of countries whose data protection laws are considered equivalent to GDPR: <a href="https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en" rel="nofollow">https://ec.europa.eu/info/law/law-topic/data-protection/inte...</a><p>While it's the EU fining Discord in this case, presumably the equivalent laws in each of those countries would also come to similar conclusions everywhere else too (though so far it seems the EU has more political appetite and clout to press the issue).<p>There's no world where Discord or other major US companies can pull out of the EU and keep following these practices, even if that was worthwhile. To avoid having to implement data protection practices, they'd have to drop the vast majority of all international users (and in Discord's case, <a href="https://www.similarweb.com/website/discordapp.com/#traffic" rel="nofollow">https://www.similarweb.com/website/discordapp.com/#traffic</a> suggests the US is currently <30% of their user base, so that's just not happening).
Just because I haven't logged in in two years doesn't mean I want my account deleted... And they get fined for putting the app in the tray when user click the X button? And because they accept 6 character passwords? Those regulations are insane.
It seems like they didn't even consider any of the real issues. Things like deleted messages appearing in requests for your data, leaving a chat (or deleting your account while you are in a chat) with a deleted user not deleting the messages and uploads even though nobody is supposed to be able to re-join it, people getting banned for using scripts to mass-delete their own posts and in some cases getting banned for manually deleting their own posts "too fast", "right to be forgotten" requests being ignored, etc.
I wonder how this is supposed to work with workplace apps such as Slack.<p>Assume I am leaving my job and want my personal information removed from this third-party service (Slack). They say [1] "Primary Owners of a workspace or org must contact Slack to request deletion of a deactivated member's profile information.". What if I contact the "Primary Owner" before leaving my job and they ignore my request, or if I've already left and don't know how to contact them or who they are? Why can't I simply request that my personal information be removed from a completely third-party American company's database?<p>I thought about this out loud before, and got the response "If you are using company account, company owns the data. The data produced during company time is company's property. Company has to request for deletion. Slack is right about it."<p>That made makes me ask more questions:<p>- Is my full name, birth date, telephone number, job and other details Slack collects company property?<p>- Can they also sell this to other third parties, along with my social security number, which the company also collected during business hours?<p>- Is Slack also free to sell this data to third parties?<p>- Does GDPR protect your personal information ONLY if you gave it away during your free / unemployed time using your personally owned devices and ONLY to services you have admin access to?<p>[1] <a href="https://slack.com/help/articles/360000360443-Delete-profile-information-from-Slack" rel="nofollow">https://slack.com/help/articles/360000360443-Delete-profile-...</a>
> When a user logged into a voice room closes the DISCORD application window by clicking on the "X" icon at the top right of the window in Microsoft Windows, they actually just put the application in the background and stay logged into the voice room.<p>> DISCORD's behavior is different and may lead to users being heard by other members in the voice room when they thought they had left.<p>Yeah, that's bad<p>I'm not such a big fan of password policies but 6 characters with no rate-limiting seems bad as well
So if I’m an American company and have no offices in Europe and ignore GDPR for my free customers, what happens? Will I get arrested by the Polizei when I land in Berlin? Will the US force me to pay these fines?
> the company has complied with this obligation under the GDPR during the procedure, as it now has a written data retention policy, which includes deleting accounts after two years of user inactivity<p>I find this interpretation of the GDPR surprising. Reviewing article 5.1.e there isn't any mention of timelines or any other definition of "necessary".<p>As a user, I wouldn't want my account blown away just because I haven't logged in for a while.<p>If this was e.g., an advertiser I don't have a direct relationship with, then yeah, purge that data! But data retention is a core of my relationship with Discord, so I want that data kept around.
I'm an EU citizen and support the GDPR. But it's only a question of time before the US will interpet these fines as an undeclared trade war and make up the legal framework to do retaliatory strikes against EU tech companies.<p>Borders and tariffs will be the long-term future of the Internet.
<i>yawn</i> Wake me up when they start imposing €800k fines on businesses that can't afford to pay. Right now, GDPR feels like a way to shake down large businesses for free money, not a serious law they want to impose for principled reasons.
Does Discord even have a corporate presence in the EU? For the French government to be fining companies because they happen to dislike the UI is such a random and unpredictable decision that it seems like a strong signal for US firms to not set up offices in the EU at all.
Some questions I need answered, that have yet to be answered in the article, or the comments here:<p>Does Discord have an officially established business presence in the EU? That is, do they have an office? Employees? Remote workers officially living in the EU? A business license of some sort?<p>One of the large questions here, entirely separate from the validity of the technical issues is of jurisdiction, and the answers are extremely unsatisfying.<p>Edit: Yes, I understand that the GDPR claims jurisdiction. But this isn't my question. My question is also not, "does Discord have customers in the EU", or even "...run servers located in the EU".<p>My question is only, "does Discord have an established business in the EU?" I was unable to find an answer with a short search, and I'm unsure where to look.