Discord Privacy News

https://discord.com/privacy

18 tracked changes

Coverage: May 13, 2015 to Feb 24, 2026

Change Timeline

moderate

Discord announced a global 'teen-by-default' system, treating all users as minors unless they complete age assurance. Unverified users cannot unblur sensitive content, access age-restricted channels, or change message request settings. Age verification uses on-device facial age estimation or government ID submission. The rollout, beginning in early March 2026, expanded protections first deployed in the UK and Australia in 2025.

major | Data Breach

Discord disclosed that attackers compromised its third-party customer support vendor 5CA, which operated through Discord's Zendesk ticketing system, beginning around September 20, 2025. Approximately 70,000 government-issued ID photos submitted for age verification were exposed, along with names, email addresses, IP addresses, partial billing data, and support ticket transcripts.

moderate

Discord disclosed it may acquire data from third parties (e.g. engagement with content or games outside Discord) to show more relevant sponsored content. It expanded data sharing with measurement partners to gauge ad effectiveness. It introduced new Data Privacy Controls, but the update was criticized for being rolled out quietly via an in-app pop-up.

moderate | Data Breach

Researchers at the Federal University of Minas Gerais (Brazil) published a dataset of over 2 billion Discord messages scraped from 3,167 public servers spanning 2015–2024, covering 4.7 million users. Though the researchers claimed to have anonymized the data, the scraping violated Discord's Terms of Service. A separate tool called 'Searchcord' appeared using non-anonymized data from a different scrape, compounding user privacy concerns.

moderate | Lawsuit

New Jersey Attorney General Matthew Platkin filed the first state lawsuit against Discord, alleging the platform violated the New Jersey Consumer Fraud Act by misleading parents about child safety features. The complaint cited Discord's failure to enforce its age-13 minimum, default settings that allowed anyone to send friend requests to minors, and a 'Safe Direct Messaging' filter that did not scan messages between friends by default.

major | Data Breach

Reports revealed that Spy.pet, a data scraping service operating since November 2023, had harvested over 4 billion public messages from 14,000+ Discord servers and built profiles on 620+ million users, selling the data for cryptocurrency. Discord banned all affiliated accounts and took the site offline by late April 2024, stating it was considering legal action.

moderate

Amid the launch of AI features (OpenAI-powered Clyde chatbot, AutoMod AI, Conversation Summaries), Discord removed then reinstated language promising not to store voice and video call contents. The reversal came within 24 hours after widespread user backlash over fears that voice data would be used for AI training.

moderate | Enforcement

France's data protection authority (CNIL) fined Discord €800,000 for multiple GDPR violations. Discord had no written data retention policy, with 2.47 million French accounts inactive for over three years still in its database. The CNIL also found that Discord's voice channel behavior — where closing the app window kept users connected and audible — violated data protection by default principles, and that its six-character password minimum was insufficiently secure.

moderate

Discord published its first-ever Trust and Safety Transparency Report, covering January 1 through April 1, 2019. The report disclosed enforcement statistics for a platform of over 250 million registered users, including actions taken against servers and accounts for policy violations such as harassment, child safety, and extremism.

moderate

Discord quietly added a mandatory binding arbitration clause and class-action waiver to its Terms of Service, coinciding with its launch of a game store and Nitro subscription games. The change provoked significant user backlash, as Discord initially provided no advance notice. Discord subsequently published a blog post explaining the changes and offered a 90-day opt-out window via email.

moderate | Lawsuit

US Magistrate Judge Joseph Spero upheld a subpoena ordering Discord to turn over account data of anonymous users who participated in planning the 2017 Charlottesville Unite the Right rally. The ruling rejected First Amendment anonymous-speech arguments, finding that plaintiffs' need for the information outweighed users' anonymity interests. This set a precedent that Discord user data could be compelled through civil discovery.

moderate

Discord updated its privacy policy to comply with the EU General Data Protection Regulation (GDPR), effective May 25, 2018. The update established Discord Netherlands BV as the data controller for European Economic Area users, added explicit disclosures about legal bases for data processing, and introduced the ability for users to download their personal data. Discord applied these changes globally, not just to EU users.

minor

Discord announced Rich Presence, a new SDK allowing game developers to integrate deeply with Discord and share real-time gameplay data including current game mode, session duration, party size, and spectator availability. While presented as a social feature, Rich Presence expanded the scope of activity data flowing through Discord's platform and raised early concerns about process-level monitoring of users' devices.

moderate | Data Breach

After the violent Unite the Right rally in Charlottesville, Virginia on August 12, Discord shut down servers used by white supremacists to plan and organize the event, including the AltRight.com server and the 'Charlottesville 2.0' planning server. Unicorn Riot published leaked chat logs from these servers, exposing private Discord messages from thousands of users involved in far-right organizing. Discord condemned 'white supremacy' and 'neo-Nazism,' marking the platform's first major content moderation and user-data-exposure crisis.

Discord Privacy News — Policy Changes, Breaches & Enforcement | PrivacyWire