As the Ethereum ecosystem and its fundamental principles evolve to tackle data privacy issues, a recent proposal advocates for a modular compliance approach as a means to align public blockchains with the European Union’s General Data Protection Regulation (GDPR). On Monday, Ethereum community member Eugenio Reggianini introduced a proposal recommending a modular architecture for efficient data management and enhanced privacy. “By decentralizing personal data to the edges (wallets and DApps), utilizing offchain storage combined with metadata erasure, and cryptographically dividing roles, we can concentrate GDPR controller responsibilities on a limited set of entities, while the broader network acts merely as processors or falls outside the scope, ” explained Reggianini. Ethereum’s shift toward a modular architecture may facilitate the incorporation of multiple privacy-enhancing technologies (PETs) that, according to Reggianini, can ensure GDPR compliance within permissionless blockchain settings. Technical roadmap: employing PETs The proposal highlights various technologies already in use or proposed for Ethereum that help minimize exposure of personal data. Among them is proto-danksharding (EIP-4844), which restricts the lifespan of transaction blobs to about 18 days, thereby enforcing data storage minimization. Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARKs) also bolster privacy by allowing validators to verify succinct cryptographic proofs instead of directly accessing transaction details, significantly reducing onchain data visibility. Additional PETs that could aid GDPR adherence include Fully Homomorphic Encryption, Trusted Execution Environments (TEEs), multiparty computation (MPC), Proposer-Builder Separation (PBS), and Peer Data Availability Sampling (PeerDAS). Ethereum’s modular compliance framework The proposal examines GDPR’s impact over Ethereum’s three layers: execution, consensus, and data availability. In this model, the execution layer functions as processors handling only encrypted or obscured data, whereas the consensus layer focuses on validating commitments and zero-knowledge proofs.

The data availability layer, leveraging PeerDAS, stores only anonymized shards temporarily, aligning with GDPR’s data minimization requirement. By concentrating data controllership at the application layer and utilizing PETs, Ethereum aims to uphold user privacy without compromising its foundational principles, according to Reggianini. Nonetheless, the effectiveness of this framework hinges on widespread community adoption, developer support, and possible cooperation with EU regulatory bodies.