Discord is violating GDPR Article 17. "Right to be forgotten" law. Anonymizing data doesn't solve a single thing.

Gone

• 7 de marzo de 2022 12:51
• Editado

Hello, as stated in the Title, Discord is not compliant with the GDPR Article 17. "Right to be forgotten." Anonymizing" the data doesn't make it practically useless but also a huge privacy violation and against the GDPR of people who want their data GONE after terminating their accounts. Not only is this useless but also a huge privacy risk when there's a data breach. And a massive target for doxxers, hackers, ect ect. All of your information becomes public information because Discord simply refuses to delete them. I want to delete my account i really do. I don't want anything to do with this app anymore but i want my messages to be ACTUALLY Deleted not just slapped a "Deleted User#0000" and thats about it. Be Compliant with the GDPR Article 17 for once Discord. Regards: Simply a tired and pissed off user.

7

• 

  balazs HIDEGHETY

  • 4 de mayo de 2023 12:55

  They confirmed this via support@
  So I'm waiting for their response, but it seems that I'll file a complaint at DPA!

  Based on that they know they violate GDPR for more than a year, there's no need to continue being polite to them. If their services matter more to them than my rights, then they do deserve a huge penalty!
  
  1. right to be forgotten (on any server) = no ID that they can track me once I rejoin later
  2. IP rights to the text I write + also GDPR rights on those are also violated

  2
• 

  Calaheim no.3

  • 31 de enero de 2024 11:23

  Have you had a response so far? Im having issues accesing my account so have requested acces to all my data. Which discord is refusing to provide so far.  Ive also filed a compliant at the AP (local GDPR agency)
  
  
   

  2
• 

  balazs HIDEGHETY

  • 31 de enero de 2024 12:33

  Well, solved, Calaheim no.3 - but it was terrible, and took I think 2 months if not more.
  
  I had to provide them with all the IDs based on the XML data I had to request first. Actually, I had even to reformat the data based on their 2nd request (yes, initially they were not clear enough). Lot of work for a simple and straightforward GDPR request: DELETE EVERY INTERACTION ON A GIVEN DISCORD SERVER.
  
  But they still have and keep one ID that can be backtracked to me, so leaving and re-entering the server keeps a visible trace for every user, that it's still me (if that trace would be just some audit and internal, that's fine)…but I guess we have to live with that - and I can file a local complaint…
  
   

  1

Iniciar sesión para dejar un comentario.