Ask HN: If I store encrypted data but throw away the key does that violate GDPR?

[devjungle]

I thought this would be a violation as I'm not able to decrypt that data today, but as soon as technology got to a certain point, or true quantum computers become a thing, I'd be able to decrypt that date possibly trivially.

I was listening to a podcast where they described this as being a viable way of adhering to requests to delete personal information.

[luckylion]

Was any reason given as to why doing that to (effectively) delete data over just deleting or overwriting them?

[devjungle]

One point that wasn't mentioned in the podcast, but that I thought of, was that if you had sort of blockchain that meant the data could not be deleted.

[luckylion]

Yeah, that's an interesting problem and would make sense in that context. They wouldn't be encrypting it when the data needs to be deleted, but encrypt it from the start, keep the key offchain and delete the key when they are required to delete the data. The data would still be "available" ("it's in there somewhere, but we have no way to get it out"), but useless. Would be necessary to make sure that no metadata can be gathered from the encrypted data on the chain, so when my doctor deletes the key, you mustn't be able to ascertain that I was even a patient.

I don't know whether it would hold up in court though, but it's an interesting idea. With a private block chain, the risk would be a lot smaller that a single leaked key (i.e. the customer accidentally releasing it) would result in big problems. I've recently talked with a lawyer friend of mine about a similar topic, but he didn't know immediately whether that's legally sound.

[new_guy]

INAL but if you've kept the personal data - in whatever form - after they've requested it to be deleted, then you're in violation.

[discordance]

Seems like more of a philosophical question.

If it's not accessible then it's essentially lost. If a new technology comes about that makes it accessible, then you would be liable.

If you've lost the key, and have no intent on recovering the data due to GDPR or whatever, then why not just delete it to avoid any potential future liability?

[vardump]

> If you've lost the key, and have no intent on recovering the data due to GDPR or whatever, then why not just delete it to avoid any potential future liability?

Perhaps there are a lot of backups of this encrypted data, some of which are not under control of the person asking the question.

Or just consider a tape backup. How would you efficiently delete a part of data stored on a tape?

Deleting data can be a hard problem in some cases.