France: Issued CNIL fine to Discord over GDPR violations

On 10 November 2022, the French data protection authority (Commission Nationale de l'Informatique et des Libertés, CNIL) concluded its investigation into the digital communications platform Discord and issued a fine of EUR 800'000 for violations of the European Union General Data Protection Regulation (GDPR). In particular, Discord failed to adopt a written data retention policy and provide information regarding data retention periods to data subjects. Furthermore, CNIL found that Discord failed to comply with data protection by design requirements, implement measures to protect the personal data it collected and conduct a cybersecurity risk assessment.