Comment on Discord Servers asking for Phone Numbers and 'Verification Levels'
philpo@feddit.de 10 months agoAs Discord is still unable to provide a GDPR compliant process for the phone number thing (and let’s not even start about personal ID), if I were a small game dev I would rather not make myself liable the way one does when using this - it’s simply fucking expensive.
thoughts3rased@sopuli.xyz 10 months ago
But it’s not the game dev that handles the information, so the game studio wouldn’t be at fault. The game dev never gets that info so isn’t storing anything. Discord would be liable for any GDPR infractions.
philpo@feddit.de 10 months ago
Nope, doesn’t work that way. The game dev is offering a networked service (community,support,etc.)in his name/trademark/brand and therefore is therefore liable for the data protection, it doesn’t matter at all if the dev is the data holder or not - that’s up to the dev to manage contractually with discord.
The concept of “not holding the data, not liable for the data” has been turned down by various high court rulings by now - Amazon and Microsoft amongst others have tried it and lost.
thoughts3rased@sopuli.xyz 10 months ago
Except that’s not how it’s working here. The only “contract” is the EULA that the developer agrees to when creating their discord account.
The developer doesn’t collect or store the data, nor have they entered an agreement with discord for them specifically to collect this data. The game developer does not sell access to the discord server (a violation of the EULA). All they have done is use a feature on Discord, available to every user and bound to the terms of both the EULA and Discord’s privacy policy.
If what you said was true, then any individual that enables the highest level of protection on any server of any size would end up being liable. This simply is not true. It would also mean that the lowest setting would also leave them liable as an email is stored, which is also not true.
It would also be incredibly hard to determine exactly what they’re liable for. Is it all the users who have Discord? All the members in their server? What if a user is in multiple servers with phone/email verification turned on?
Discord collects this information as part of their service for their verification purposes, including 2FA. The implication for the developer is nothing more than a flag on an account.
The difference between the developer and Microsoft/Amazon is that those two companies, while yes they don’t store it on their own servers, collect the data for use in their services for their profit for services they sell, run ads on, or collect more data to sell on. The game developer does not run discord, they do not sell discord, they have little agency over that server in discord, and is a service that discord provides. The game developer could pull out at any point and the service would still exist because it is not theirs.
TL;DR - The developer is not liable in the same way that X users aren’t liable for people who verify their phone number following them. It’s not their service, and the Discord EULA and Privacy Policy apply.
planish@sh.itjust.works 10 months ago
But if the developer makes a Discord “server” for their game community, they are telling Discord to set up a service. If the developer encourages people to join it and retains moderation rights, they’re taking that service they ordered from Discord and providing it to other people. If the developer failed to get some legally required in their jurisdiction contractual terms from Discord about what Discord can and can’t do with data on the people who use the service, the developer could get in trouble when they provide that service to people without the service following local laws.