The French CNIL has demanded a fine for violations of the EU’s GDPR.

French privacy and data authority CNIL announced that US tech company Discord has been fined €800,000 for violating the EU’s GDPR.

Discord is a platform that allows users to communicate over the internet via microphone, chat and webcam. The service includes an instant messaging service, in which users can create community servers, chat groups and conference rooms.

According to CNIL, the amount of the fine was decided based on the breaches identified and the number of people concerned. The agency also considered “the efforts made by the company throughout the procedure to reach compliance and the fact that its business model is not based on the exploitation of personal data”.

In fact, the sum of €800,000 is modest when compared with some of the other fines that the CNIL has levied, including the €20 million Clearview fine for GDPR violations and the combined €210 million Facebook and Google fine over the use of cookies earlier this year.

Infractions

The CNIL says that Discord violated the GDPR in several ways. First and foremost, clicking the ‘X’ button in voice chats did not disconnect users, even though the button was presented as a means of exiting a chat.

The CNIL said that clicking the ‘X’ in most Windows applications terminates the program, but in Discord, it simply moves the application to the background. This, the CNIL said, could lead to users unknowingly broadcasting private conversations to anyone participating in a chat.

The agency’s investigation also revealed that Discord allowed users to input weak passwords of six alphanumeric characters. The service now requires users to have an eight-character password that includes all four character types.