New Ethereum Proposal Aims for GDPR Compliance Through Modular Protocol Design

A new proposal for ensuring privacy on Ethereum through a modular architecture seeks to comply with the European Union's GDPR while maintaining decentralization principles.

“Public blockchains like Ethereum often encounter the challenge of reconciling immutability and decentralization with data protection laws. Transitioning to a modular architecture enhanced by privacy-preserving technologies offers a solution to embed GDPR principles directly into the protocol,” stated the proposal’s author and member of the community, Euhenio Reggianini.

He suggests that by placing personal data at the periphery (wallets and dapps), using off-chain storage with metadata elimination, and cryptographically separating roles, it is possible to concentrate the responsibilities of GDPR controllers among a smaller group of entities, while broader networks act merely as "executors or fall outside the scope of influence."

The primary objective is to delegate information management to the application-level entities that decide to process personal data, Reggianini emphasized. Meanwhile, the lower-level infrastructure (execution and consensus clients) will handle only anonymous or, at the very least, pseudonymous data.

“In essence, personal data should be transformed or abstracted before reaching the execution level of the blockchain and, certainly, before being disseminated through the consensus layer,” added the initiative’s proponent.

He believes that Ethereum’s shift to a modular architecture can facilitate the integration of various privacy-enhancing technologies (PETs) that align with GDPR standards.

Reggianini also outlined a number of existing or planned solutions that would aid in this implementation. For instance, proto-danksharding (EIP-4844) reduces the lifespan of transactional blocks containing data to about 18 days, thereby minimizing storage requirements.

zk-SNARK technology is also expected to enhance privacy by allowing validators to verify succinct cryptographic proofs.

Other PETs identified by the expert include fully homomorphic encryption, trusted execution environments, multi-party computation, the separation of "providers" and "builders," and peer-to-peer data availability sampling.

As a reminder, in June the non-profit Ethereum Foundation cut part of its research and development team, focusing on key challenges and core issues of the protocol.