Comment by fiddlerwoaroof
3 days ago
In theory, you could store a private key on the device and cryptoshred the data on Microsoft’s servers when the setting is disabled (Microsoft deletes their copy of the key). Then, when the feature is re-enabled, upload the private key to Microsoft again.
Does that meet the legal requirement to delete data when requested? I am not sure it does.
As far as I know, most data protection laws accept cryptoshredding as long as the party with a deletion requirement actually destroys the key. For one thing, it’s hard to reconcile deletion requirements with immutable architectures and backups without a mechanism like this.
IANAL, but I think the key remaining in the user’s possession doesn’t matter as far as the company with a deletion requirement is concerned.
If the key remains on the user's device but under the control of the app, does that count as out of control of the app?
Maybe you'd have to force the user to export the key to an external file (and forget the path) or encrypt it with some mechanism that the app isn't in control of.
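The mechanism the thread is debating, as an added example that is not part of any comment above and is not Microsoft's design: the key stays on the device, the server keeps a copy only while the feature is enabled, and disabling the feature zeroes the server's copy while leaving every ciphertext record in place (mirroring immutable storage and backups). Re-uploading the same key restores access; a fresh key from another device does not. Assumptions: a 256-bit AES-GCM key stands in for the comment's "private key", and two in-memory structs stand in for the device and the server.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Device stands in for the user's machine; the key lives here and is never deleted.
// Assumption: a symmetric AES-256 key plays the role of the comment's "private key".
type Device struct{ key []byte }

// Server stands in for the cloud side. Ciphertext records are never removed, to
// mimic immutable storage and backups; only the key copy comes and goes.
type Server struct {
	keyCopy []byte
	records [][]byte
}

func NewDevice() (*Device, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return &Device{key: k}, nil
}

// Enable uploads a copy of the device key (feature turned on).
func (s *Server) Enable(d *Device) {
	s.keyCopy = append([]byte(nil), d.key...)
}

// Disable cryptoshreds: the server's copy is zeroed and dropped; ciphertext stays.
func (s *Server) Disable() {
	for i := range s.keyCopy {
		s.keyCopy[i] = 0
	}
	s.keyCopy = nil
}

// Store encrypts a record under the server's key copy and appends it.
func (s *Server) Store(plaintext []byte) error {
	if s.keyCopy == nil {
		return errors.New("feature disabled: server holds no key")
	}
	ct, err := seal(s.keyCopy, plaintext)
	if err != nil {
		return err
	}
	s.records = append(s.records, ct)
	return nil
}

// Read decrypts record i; it can only succeed while a key copy is present.
func (s *Server) Read(i int) ([]byte, error) {
	if s.keyCopy == nil {
		return nil, errors.New("feature disabled: server holds no key")
	}
	return unseal(s.keyCopy, s.records[i])
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || AES-GCM ciphertext.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// unseal reverses seal; a wrong key fails GCM authentication instead of
// yielding garbage.
func unseal(key, ct []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(ct) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ct[:n], ct[n:], nil)
}

func main() {
	dev, _ := NewDevice()
	srv := &Server{}
	srv.Enable(dev)
	_ = srv.Store([]byte("constructed sample record")) // constructed input
	srv.Disable()
	_, err := srv.Read(0)
	fmt.Println("server read after shredding fails:", err != nil, "records kept:", len(srv.records))
	srv.Enable(dev) // same device re-uploads its key
	pt, _ := srv.Read(0)
	fmt.Println("after re-upload:", string(pt))
}
```

The point of interest for the thread is visible in the two halves of `main`: after `Disable` the server still holds the ciphertext and any backup of it, yet cannot decrypt, which is what cryptoshredding claims as deletion; after `Enable` from the same device the old records come straight back, which is the part whose legal status the comments are unsure about.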