This
article highlights the tension that lies between the General Data Protection
Regulations (GDPR’s)
security and minimization principles. The implementation of state-of-the-art
technologies, such as entanglement or blockchains, offers promising
opportunities for data controllers to guarantee the security of the data they
process, particularly in relation to availability and accuracy. On the other
hand, such technologies may enter into conflict with other obligations,
especially regarding the erasure of data (at the end of data life or requested
by the data subject). We argue that the interpretation of the notion of erasure
shall not be limited to the physical destruction of the data, but shall also
extend, when technical measures implemented for the purpose of guaranteeing
security do not allow for the physical destruction of the data, to ‘relative erasures’, or processing activities that have
for effect to put the data beyond use in a way that makes it impossible, for
the controller or third parties, to process it again without disproportionate
efforts. Such interpretation would allow data controllers who implement strong
security measures to comply with the GDPR. Combined with a careful design of privacy,
it may further guarantee the data subject’s rights without requiring detrimental security
concessions.