Ethereum Proposes GDPR-Compliant Protocol Design for Enhanced Privacy

A new proposal for enhancing privacy on Ethereum through a modular architecture aims to ensure compliance with the GDPR regulations in the European Union while maintaining the principles of decentralization.

«Public blockchains like Ethereum continually encounter the challenge of reconciling immutability and decentralization with data protection regulations. The shift toward a modular architecture, bolstered by privacy-preserving technologies, offers a means to integrate GDPR principles directly into the protocol,» stated Eugenio Reggiani, the proposal’s author and a member of the Ethereum community.

He believes that by relocating personal data to the periphery (wallets and dapps), employing off-chain storage with metadata removal, and cryptographically separating roles, GDPR controller responsibilities can be focused on a limited number of entities, while the broader network acts merely as an «executor or falls outside the regulatory scope.»

The primary goal is to delegate data management to relevant application-layer entities that choose to process personal data, Reggiani emphasized. Meanwhile, the lower-level infrastructure (execution and consensus clients) will solely manage anonymous or, at the very least, pseudonymous data.

«In essence, personal data should be transformed or abstracted before it reaches the blockchain execution layer, and certainly before it disseminates through the consensus layer,» the initiative’s proponent added.

He believes that Ethereum’s move towards a modular architecture could facilitate the integration of various privacy-enhancing technologies (PETs) that align with GDPR standards.

Reggiani also outlined a range of existing or planned solutions that could support this implementation. For instance, proto-danksharding (EIP-4844) limits the retention of transaction data blobs to approximately 18 days, which minimizes storage requirements.

zk-SNARK technology will also enhance privacy, since it involves validating concise cryptographic proofs.

Among other PETs, the expert mentioned fully homomorphic encryption, trusted execution environments, multiparty computation, the separation of «proposers» and «builders,» and peer-to-peer data availability sampling.

It is worth noting that in June, the non-profit Ethereum Foundation cut part of its research and development team to focus on key challenges and critical issues of the protocol.