
Ask HN: If I store encrypted data but throw away the key does that violate GDPR? - devjungle
I thought this would be a violation as I'm not able to decrypt that data today, but as soon as technology got to a certain point, or true quantum computers become a thing, I'd be able to decrypt that data possibly trivially.

I was listening to a podcast where they described this as being a viable way of adhering to requests to delete personal information.
======
luckylion
Was any reason given as to _why_ doing that to (effectively) delete data over
just deleting or overwriting them?

~~~
devjungle
One point that wasn't mentioned in the podcast, but that I thought of, was
that if you had some sort of blockchain that meant the data could not be deleted.

~~~
luckylion
Yeah, that's an interesting problem and would make sense in that context. They
wouldn't be encrypting it when the data needs to be deleted, but encrypt it
from the start, keep the key offchain and delete the key when they are
required to delete the data. The data would still be "available" ("it's in
there somewhere, but we have no way to get it out"), but useless. Would be
necessary to make sure that no metadata can be gathered from the encrypted
data on the chain, so when my doctor deletes the key, you mustn't be able to
ascertain that I was even a patient.

I don't know whether it would hold up in court though, but it's an interesting
idea. With a private block chain, the risk would be a lot smaller that a
single leaked key (i.e. the customer accidentally releasing it) would result
in big problems. I've recently talked with a lawyer friend of mine about a
similar topic, but he didn't know immediately whether that's legally sound.
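
The scheme described in the comment above (encrypt from the start, keep the key off-chain, delete the key on request, leak no metadata), sketched as an added example that is not from the thread. `Store`, `seal` and `unseal` are hypothetical names, a Python list stands in for the chain, and the HMAC-based cipher is a stdlib-only stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

BUCKET = 256  # pad every record to a multiple of this so its size reveals little

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD such as AES-GCM
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def _subkeys(key):
    return [hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def seal(key, plaintext):
    enc, mac = _subkeys(key)
    body = len(plaintext).to_bytes(4, "big") + plaintext
    body += b"\0" * (-len(body) % BUCKET)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(body, _stream(enc, nonce, len(body))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified record")
    body = bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))
    return body[4:4 + int.from_bytes(body[:4], "big")]

class Store:
    def __init__(self):
        self.ledger = []  # append-only (record_id, blob): the chain, or a tape backup
        self.keys = {}    # off-chain and deletable: subject -> (record_id, key)

    def put(self, subject, data):
        # record_id is random, never derived from the subject
        rid, key = secrets.token_hex(16), secrets.token_bytes(32)
        self.ledger.append((rid, seal(key, data)))
        self.keys[subject] = (rid, key)

    def get(self, subject):
        rid, key = self.keys[subject]  # KeyError once the subject has been erased
        return unseal(key, next(blob for r, blob in self.ledger if r == rid))

    def erase(self, subject):
        # Dropping this entry destroys the key and the only subject -> record link
        self.keys.pop(subject, None)
```

After `erase`, the ledger is unchanged: records in the same size bucket have identical length and random IDs, so nothing on it shows which subject was removed.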

------
new_guy
IANAL but if you've kept the personal data - in whatever form - after they've
requested it to be deleted, then you're in violation.

------
discordance
Seems like more of a philosophical question.

If it's not accessible then it's essentially lost. If a new technology comes
about that makes it accessible, then you would be liable.

If you've lost the key, and have no intent on recovering the data due to GDPR
or whatever, then why not just delete it to avoid any potential future
liability?

~~~
vardump
> If you've lost the key, and have no intent on recovering the data due to
> GDPR or whatever, then why not just delete it to avoid any potential future
> liability?

Perhaps there are a lot of backups of this encrypted data, some of which are
not under control of the person asking the question.

Or just consider a tape backup. How would you efficiently delete a part of
data stored on a tape?

Deleting data can be a hard problem in some cases.

