Shor’s Algorithm and Data Protection: When Quantum Computing Outpaces Privacy Law

Shor’s Algorithm Risks for Data Protection: How Quantum Computing Is Outpacing Privacy Law

Privacy law rests on a quiet assumption: that encrypted personal data is, for practical purposes, unreadable to anyone without the key. Data-protection regimes across the world lean on that idea when they treat encryption as a core safeguard, the technical measure that turns a stolen database into useless noise. A single quantum procedure threatens to remove that assumption altogether. It could unravel the public-key cryptography that protects most personal data in transit and at rest, and with it the legal comfort that encrypted means safe. The law has not caught up. Regulators still write as though strong encryption were permanent, while researchers steadily shrink the resources needed to defeat it. This article examines the collision between two timelines, the technological one and the legal one, and what it means for anyone responsible for protecting personal information.

Key Takeaways

  • Most data-protection law treats encryption as a central safeguard, yet rarely addresses the quantum risk to it.
  • A single quantum method could break the cryptography that secures personal data in storage and transit today.
  • Information collected and retained under legal duties can be captured now and decrypted later.
  • The duty to use measures suited to the prevailing standard may soon demand quantum-resistant encryption.
  • Surveys suggest very few organisations have any migration plan, leaving a wide and growing compliance gap.

The Assumption Underneath Privacy Law

Encryption sits at the centre of every modern data-protection framework. When a regulation asks an organisation to keep personal data secure, encryption is almost always the measure it has in mind, and the safeguard supervisory authorities look for after a breach. Yet the protection it offers depends entirely on a mathematical bet: that certain sums are easy to perform but practically impossible to reverse. The most widely used schemes, RSA and elliptic-curve cryptography, rely on the difficulty of factoring enormous numbers or solving discrete logarithms. In 1994 the mathematician Peter Shor showed that a sufficiently capable quantum computer could perform exactly those calculations efficiently. Understanding how Shor’s algorithm breaks encryption is therefore the starting point for any serious assessment of long-term data-protection risk: it reframes a hard problem as a tractable one, collapsing a task that would take a classical machine longer than the age of the universe into something measured in hours or days.

One Law, Many Rulebooks, and All of Them Quiet on Quantum

For a lawyer rather than a cryptographer, the significance lies in what the law expects and what it leaves unsaid. Consider how the major regimes treat security. The picture that emerges is consistent: every framework demands strong protection, and almost none names the quantum risk that may one day undermine it. This silence is rooted in the same broader transformation that has reshaped the evolving right to privacy across the digital era, where principles drafted for one technological moment must be applied to the next.

Regime Jurisdiction Security standard Names quantum?
GDPR EU and UK Appropriate measures, including encryption No
DPDP Act 2023 India Reasonable security safeguards No
CCPA / CPRA California Reasonable security procedures No
HIPAA United States Technical safeguards for health data No

Table 1: Every major regime relies on encryption as a safeguard, while none yet addresses the quantum threat to it.

Where the European framework is most useful is in its wording. It requires controllers and processors to put in place appropriate technical and organisational measures, expressly including encryption, while taking into account the state of the art. That phrase does most of the work. India’s data-protection statute speaks of reasonable security safeguards; California asks for reasonable security procedures; health-sector rules demand technical safeguards. None of these standards is fixed. Each is judged against what is currently understood to be adequate, which means the legal benchmark moves as the technology around it moves.

Harvest Now, Decrypt Later: The Legal Time Bomb

The most immediate legal danger is not the arrival of a quantum computer years from now, but a tactic that exploits the gap in the meantime. Known as harvest now, decrypted later, it involves capturing encrypted records today and storing them until decryption becomes possible. For data-protection law the consequences are unusually sharp, because so much personal data is held under positive legal duties to retain it. Health and genetic records may have to be kept for decades; financial records for several years; tax, employment, and litigation material for long periods besides. The very obligations that require organisations to keep this information are what leave it exposed, because long-lived sensitive data is precisely what an adversary collecting today hopes to read tomorrow. This is the difficulty at the heart of the confidentiality of healthcare data and other long-retention categories, where the duty to hold the record and the duty to protect it pull in opposite directions.

The chart below makes the timing problem concrete. When the period for which data must remain confidential is set against credible estimates for when quantum decryption may become feasible, a large share of the most sensitive categories falls on the wrong side of the line.

Figure 1: Much long-lived data must stay confidential well beyond the point at which quantum decryption may become feasible.

The “State of the Art” Standard Is a Moving Target

This is where that wording about prevailing practice becomes more than a drafting detail. As quantum-resistant algorithms move from research into standards, the legal question shifts. In August 2024 the United States standards body finalised its first three post-quantum algorithms, and adoption has begun across browsers, messaging platforms, and security products. Once quantum-safe cryptography is widely available and recognised as the responsible choice for long-lived data, an organisation that continues to rely solely on algorithms known to be vulnerable may struggle to argue that its measures remain appropriate. The same regime also asks for a process of regularly testing and evaluating the effectiveness of security measures, which points towards crypto-agility, the capacity to change algorithms as the threat evolves. Increasingly, the platforms and services that handle regulated information, including those meeting strict data-protection compliance standards, are building stronger encryption by default, narrowing the excuse for inaction.

The Compliance Gap

If the law is slow, practice is slower still. A 2025 industry survey found that only around five per cent of organisations had defined any strategy to prepare for the quantum threat, even though a clear majority were aware of and concerned about it. That gap between awareness and action is itself a governance problem, of the kind that sits alongside the legal risks of new technology that boards are now expected to identify, document, and manage. A regulator examining a future breach of harvested data is unlikely to be impressed by an organisation that recognised the risk and did nothing.

What Compliance and Legal Teams Should Do

None of this requires panic, but it does require a plan, and the plan maps neatly onto duties that already exist. The table below sets out the practical steps and the legal hooks that support them, so that quantum readiness becomes an extension of ordinary compliance rather than a separate project.

Step Legal anchor What it means in practice
Cryptographic inventory Duty to assess and test measures Map where vulnerable encryption protects personal data
Risk assessment Impact assessment for high-risk processing Prioritise long-retention and special-category data
Crypto-agility Measures fit for prevailing practice Build the ability to swap algorithms as standards evolve
Retention review Storage limitation principle Hold sensitive data no longer than the law requires
Processor terms Controller-processor obligations Write quantum-readiness expectations into contracts

Table 2: Quantum readiness is not a new legal regime; it is a set of existing duties applied to a new risk.

The Window Is Closing

Set against estimates that place a capable machine somewhere in the 2030s, with the resources required to break common keys having fallen sharply in recent years, the window to act is narrower than it appears. Migration across a complex estate takes time, and any data that must remain confidential beyond the early 2030s is, in effect, already at risk. The responsible course is to treat encryption not as a permanent shield but as a control with a service life, and to plan its replacement before the law, or an adversary, forces the issue.

Frequently Asked Questions

Does any privacy law currently require quantum-safe encryption?

Not in explicit terms. No major data-protection statute yet names post-quantum cryptography as a requirement. However, the prevailing standards, whether framed as appropriate measures judged by the prevailing standard or as reasonable security, are deliberately flexible. As quantum-resistant methods become standard, those open-ended duties are the most likely route by which migration becomes a de facto legal expectation.

What does the harvest-and-wait tactic mean for a data controller?

It means a breach can occur today and only become apparent years later. An adversary copies the encrypted records now and waits for the capability to decrypt them. Because the data was unreadable when taken, nothing seems wrong at the time, yet the controller’s confidentiality obligation is already compromised for any information that retains its sensitivity into the quantum era.

Is encryption still a valid safeguard under current law?

Yes. Today’s strong encryption remains an effective and expected measure, and nothing here suggests abandoning it. The point is narrower: the appropriateness of a measure is judged against the prevailing standard, which is shifting. Relying solely on quantum-vulnerable algorithms for data that must stay secret for decades is the specific concern.

Which categories of data face the greatest legal exposure?

Long-lived sensitive information. Health and genetic data, financial records, intellectual property, and government or national-security material all carry confidentiality requirements that stretch well beyond the expected arrival of quantum decryption, which makes them the natural targets of a harvest-now strategy.

What should a data protection officer do first?

Begin with a cryptographic inventory to identify where vulnerable algorithms protect personal data, prioritise long-retention and special-category data through a risk assessment, build crypto-agility into systems, revisit retention schedules so nothing is held longer than necessary, and write quantum-readiness expectations into processor contracts.

The Bottom Line

The danger that quantum computing poses to encryption is often framed as a problem for cryptographers or national-security agencies, but it is squarely a data-protection problem as well. The safeguards that privacy law depends upon, and the assumption that encrypted information stays private, rest on mathematics that a known algorithm is built to defeat. The law has the tools to respond, in its flexible standards, its duty to assess risk, and its insistence on measures fit for current practice, but those tools have to be picked up. For controllers and their advisers, the prudent reading is that the obligation to protect personal data already extends to protecting it against tomorrow’s decryption, not merely today’s. The organisations that recognise this early will not only reduce their exposure; they will be the ones best placed to show, when asked, that they took the risk seriously while there was still time to act.

References

Regulation (EU) 2016/679 (GDPR), Article 32 – Security of processing — https://gdpr-info.eu/art-32-gdpr/

NIST, NIST Releases First 3 Finalized Post-Quantum Encryption Standards (13 August 2024) — https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards

  1. Gidney and M. Ekerå, How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits (2019) — https://arxiv.org/abs/1905.09749
  2. Gidney, How to factor 2048 bit RSA integers with less than a million noisy qubits (2025) — https://arxiv.org/abs/2505.15917

The Digital Personal Data Protection Act, 2023 (India) — Ministry of Electronics and Information Technology.

Fact Check: The legal provisions (GDPR Article 32, India’s DPDP Act 2023, the CCPA, and HIPAA), the August 2024 NIST post-quantum standards, the qubit estimates, and the readiness survey cited here were verified against primary and authoritative sources as of 26 June 2026. Confidentiality horizons in Figure 1 are illustrative of common retention periods rather than exact statutory figures. Sources appear in the References section.