
GDPR doesn't require "real" deletion. You just have to make the data inaccessible



Citation needed.


https://eur-lex.europa.eu/eli/reg/2016/679/oj, the 26th section.

I think that covers what we’re talking about here. As in, it is ok to just delete the link between a real person and an anonymous key and not all their anonymised data. That allows one to avoid having to delete all the data itself (imagine how hard that would be from historical backups, etc.).


Like that text says, as long as a single person can be - even indirectly - identified from the data, it's only pseudonymized, and the GDPR protections apply. Even an IP address can be personal data.


Wouldn't you have to know about the person in question first before you can 'indirectly' make the connection?


Yes, the point is also to limit "merges" of databases, which build extremely detailed profiles from seemingly inconsequential records. As the US Privacy Protection Study Commission wrote way back in 1977,

“The real danger is the gradual erosion of individual liberties through automation, integration, and interconnection of many small, separate record-keeping systems, each of which alone may seem innocuous, even benevolent, and wholly justifiable.”


I don’t have a citation handy, but solutions such as “encrypt the data and instead of deleting the data trash the key” have at least been discussed for environments where actually deleting data is hard (event-based storage, cold long-term backups, etc.).

From a technological perspective that data would be as good as deleted, even if strictly speaking it still exists.


Overwriting the data with random data is deleting it.


There’s no data being overwritten in the mechanism I described.


I believe his point is that in encrypting the data, you are overwriting it - with the encrypted version, which without the key is effectively 'random data'. It's not actually random though, so I don't agree that the data has technically been deleted. Do agree with you that it might as well have been though, so certainly should be good enough.


The idea is slightly different though: you encrypt the individual's data before it ever goes to permanent storage, backup or so. And when it’s time to delete that data, you discard the key instead, effectively making that data inaccessible.
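The mechanism described in the two comments above (encrypt each individual's data under their own key before it reaches append-only storage or backups, then "delete" by discarding the key) is usually called crypto-shredding. The following is an added illustration written for this page, not code from any commenter or from any real product: it assumes one AES-256-GCM key per data subject held in a small mutable key store, an append-only record store that is never modified (standing in for an event log or a backup that cannot be edited), and hypothetical names (`System`, `Put`, `Read`, `Erase`, `ErrKeyShredded`) chosen for the example. The subject ID is bound as GCM associated data so a record cannot be silently re-attributed to another subject.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrKeyShredded is returned once a subject's key has been discarded: the
// ciphertext may still exist (live store, backups), but nothing can open it.
var ErrKeyShredded = errors.New("crypto-shred: subject key no longer exists")

// record is one append-only entry; it is never modified or deleted, which is
// the constraint this scheme exists for (event stores, cold backups).
type record struct {
	subject    string
	nonce      []byte
	ciphertext []byte // AES-GCM output, authentication tag included
}

// System is the hypothetical design: an append-only record store (assumed to
// be copied verbatim into backups) plus a mutable per-subject key store.
type System struct {
	records []record
	keys    map[string][]byte
}

func NewSystem() *System { return &System{keys: make(map[string][]byte)} }

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Put encrypts plaintext under the subject's key (created on first use) and
// appends it. Only ciphertext ever reaches the record store.
func (s *System) Put(subject, plaintext string) error {
	key, ok := s.keys[subject]
	if !ok {
		key = make([]byte, 32)
		if _, err := rand.Read(key); err != nil {
			return err
		}
		s.keys[subject] = key
	}
	g, err := aead(key)
	if err != nil {
		return err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	ct := g.Seal(nil, nonce, []byte(plaintext), []byte(subject))
	s.records = append(s.records, record{subject, nonce, ct})
	return nil
}

// Read decrypts every record for a subject. After Erase it fails for the live
// store and for any earlier backup copy of the same records alike.
func (s *System) Read(subject string) ([]string, error) {
	key, ok := s.keys[subject]
	if !ok {
		return nil, ErrKeyShredded
	}
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	var out []string
	for _, r := range s.records {
		if r.subject != subject {
			continue
		}
		pt, err := g.Open(nil, r.nonce, r.ciphertext, []byte(subject))
		if err != nil {
			return nil, fmt.Errorf("record for %s failed to authenticate: %w", subject, err)
		}
		out = append(out, string(pt))
	}
	return out, nil
}

// Erase is the "deletion": zero the subject's key bytes and drop the entry.
// No record is touched, so backups taken earlier stay byte-identical.
func (s *System) Erase(subject string) {
	if key, ok := s.keys[subject]; ok {
		for i := range key {
			key[i] = 0
		}
		delete(s.keys, subject)
	}
}

// RecordCount shows that erasure leaves the append-only store unchanged.
func (s *System) RecordCount() int { return len(s.records) }

func main() {
	sys := NewSystem()
	_ = sys.Put("alice", "alice@example.com") // constructed sample data
	_ = sys.Put("bob", "bob@example.com")
	sys.Erase("alice")
	_, err := sys.Read("alice")
	fmt.Println("alice after erase:", err, "| records kept:", sys.RecordCount())
}
```

Two things the code makes visible that the thread only implies: the scheme is only as strong as the separation between the key store and the records, so the keys must not ride along in the same backups as the ciphertext (or the backup copies of the keys must be deletable too), and any plaintext that escaped into logs, search indexes or caches before encryption is not covered by discarding the key.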




