Is a Relative Definition of the Notion of Erasure the Much Sought-After Solution to the Dilemma Between Robust Integrity and Total Eradication?

Abstract

This article highlights the tension that lies between the General Data Protection Regulations (GDPR’s) security and minimization principles. The implementation of state-of-the-art technologies, such as entanglement or blockchains, offers promising opportunities for data controllers to guarantee the security of the data they process, particularly in relation to availability and accuracy. On the other hand, such technologies may enter into conflict with other obligations, especially regarding the erasure of data (at the end of data life or requested by the data subject). We argue that the interpretation of the notion of erasure shall not be limited to the physical destruction of the data, but shall also extend, when technical measures implemented for the purpose of guaranteeing security do not allow for the physical destruction of the data, to ‘relative erasures’, or processing activities that have for effect to put the data beyond use in a way that makes it impossible, for the controller or third parties, to process it again without disproportionate efforts. Such interpretation would allow data controllers who implement strong security measures to comply with the GDPR. Combined with a careful design of privacy, it may further guarantee the data subject’s rights without requiring detrimental security concessions. GDPR, erasure, minimization principle, right to erasure, data life cycle, anti-tampering technologies, blockchain technologies, data availability, data integrity, data deletion, data erasure