
Discord is one of those places that makes me realise the failings of the GDPR. For all the talk about fines of '4% global turnover' for non-compliance Discord seems to get away with not having to delete data?

I mean, I thought after 2 years you're supposed to delete the data, assuming the account is inactive. Google started doing that, and I imagine if your old long-forgotten account got hacked and there were messages/attachments from 2+ years ago they would be fully liable, as data is not supposed to be held for longer than reasonable. 10 years can be considered unreasonable in most circumstances.

But I cannot fathom why they want to pay for this; it's basically an unlimited-storage file hosting platform. They must be hosting TBs of probably useless data.



> Discord is one of those places that makes me realise the failings of the GDPR. For all the talk about fines of '4% global turnover' for non-compliance Discord seems to get away with not having to delete data?

What data are you expecting Discord to delete?

Not everything is PII.

    ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
That said, Discord has been fined. https://www.edpb.europa.eu/news/national-news/2023/french-sa...

https://support.discord.com/hc/en-us/articles/360003858092-P...


I assume if I can log into my account and read old messages they are stored in a way that can be considered 'personal data'. For example, if they store my username and IP address with the messages then that is PII. Or even if they store a hash, if that can be traced back to 'me' then that would be PII.

As for messages, how can one know if each and every message may or may not contain PII? Or an attachment? You can't, which is why the best approach is a cautious one:

Delete all data from inactive accounts after 2 years, or even earlier to limit liability. The GDPR dictates you only store what is strictly required; messages from 10+ years ago from accounts that have not logged in for years have no right or necessity to be there.


The deletion would be removing your user data but not past messages, like how current deletion works. Past messages get a new user ID shared amongst all deleted messages globally - 456226577798135808 - but attachments and content stay.
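The two deletion behaviours argued over above (full erasure of inactive accounts after a retention window, versus re-pointing old messages to one shared "deleted user" ID while the content and attachments stay) are easy to confuse, so here is a small model of both side by side. This is an added example for the thread, not Discord's code; the in-memory tables, field names (including an assumed per-message `author_ip`), the 730-day window and the sample rows are all assumptions for illustration. The shared ID is the one quoted in the comment.

```python
"""Model of two deletion semantics: a retention sweep that erases everything for
accounts inactive longer than a window, versus account deletion that only
pseudonymises old messages by re-pointing them to a shared tombstone author ID.
Data model, field names and sample rows are assumptions, not Discord's schema."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Shared author ID the thread says deleted users' messages are re-pointed to.
DELETED_USER_ID = 456226577798135808


@dataclass
class User:
    id: int
    username: str
    last_login: datetime
    ip: str


@dataclass
class Message:
    id: int
    author_id: int
    content: str
    attachments: List[str] = field(default_factory=list)
    author_ip: Optional[str] = None  # assumed: IP captured alongside the message


class Store:
    def __init__(self) -> None:
        self.users: Dict[int, User] = {}
        self.messages: Dict[int, Message] = {}

    def delete_account_pseudonymise(self, user_id: int) -> None:
        """Tombstone-style deletion: drop the user row, re-point the user's messages
        to the shared DELETED_USER_ID and strip per-message identifiers.
        Message text and attachments are deliberately left in place."""
        self.users.pop(user_id, None)
        for m in self.messages.values():
            if m.author_id == user_id:
                m.author_id = DELETED_USER_ID
                m.author_ip = None

    def delete_account_erase(self, user_id: int) -> None:
        """Full erasure: remove the user and every message and attachment they authored."""
        self.users.pop(user_id, None)
        self.messages = {mid: m for mid, m in self.messages.items() if m.author_id != user_id}

    def retention_sweep(self, now: datetime, max_inactive: timedelta = timedelta(days=730)) -> List[int]:
        """Erase accounts whose last login is older than the retention window
        (assumed 2 years). Returns the IDs that were erased."""
        stale = [uid for uid, u in self.users.items() if now - u.last_login > max_inactive]
        for uid in stale:
            self.delete_account_erase(uid)
        return stale


def demo() -> dict:
    """Run both behaviours on the same constructed sample data and report what survives."""
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)

    def fresh() -> Store:
        # Constructed sample rows: alice has been inactive ~3 years, bob is active.
        s = Store()
        s.users[1] = User(1, "alice", now - timedelta(days=3 * 365), "203.0.113.7")
        s.users[2] = User(2, "bob", now - timedelta(days=30), "198.51.100.9")
        s.messages[10] = Message(10, 1, "old message", ["cat.png"], "203.0.113.7")
        s.messages[11] = Message(11, 2, "recent message")
        return s

    a = fresh()
    a.delete_account_pseudonymise(1)
    b = fresh()
    swept = b.retention_sweep(now)
    return {
        "pseudo_author": a.messages[10].author_id,      # shared tombstone ID
        "pseudo_ip": a.messages[10].author_ip,          # identifier stripped
        "pseudo_content": a.messages[10].content,       # text still readable
        "pseudo_attachments": a.messages[10].attachments,
        "swept": swept,                                 # alice erased by the sweep
        "remaining_after_sweep": sorted(b.messages),    # only bob's message left
        "bob_still_there": 2 in b.users,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the model makes concrete: after `delete_account_pseudonymise`, the message row no longer carries a username or IP, but its text and attachment names remain and may themselves contain personal data, which is exactly the gap the earlier comment raises. The `retention_sweep` path is the cautious alternative it proposes.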



