
As the Ethereum ecosystem and its core principles evolve to address data privacy concerns, a new proposal recommends a modular compliance strategy as a way to reconcile public blockchains with the EU General Data Protection Regulation (GDPR).
Drafted on Monday, the proposal by Eugenio Reggianini, a member of the Ethereum community, recommends using a modular architecture for effective data management and privacy.
“By pushing personal data to the edge (wallets and dApps), using off-chain storage with metadata, and splitting roles across the stack, we can focus GDPR controller responsibilities on a small percentage of entities, while wider networks become pure processors or drop out of scope,” Reggianini said.
Ethereum’s transition to a modular architecture can enable the integration of various privacy-enhancing technologies (PETs), which, according to Reggianini, can achieve GDPR compliance in a permissionless blockchain environment.
Technical roadmap: PETs to the rescue
The proposal outlines several Ethereum technologies, either already integrated or proposed, that help reduce the exposure of personal data, including proto-danksharding (EIP-4844), which limits transaction blob lifespans to around 18 days, thus minimizing storage.
Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs) can also help improve privacy because validators confirm succinct cryptographic proofs rather than viewing transaction payloads, thus greatly reducing on-chain data visibility.
Other PET integrations that can help GDPR compliance include fully homomorphic encryption and trusted execution environments (TEEs), multi-party computation (MPC), proposer-builder separation (PBS), and peer data availability sampling (PeerDAS).
Ethereum’s modular compliance strategy
The proposal breaks down what GDPR means for three layers of the Ethereum network: the execution layer, the consensus layer, and the data availability layer.
The execution layer will operate as a processor, relaying only encrypted or blinded data, while the consensus layer will only verify commitments and zero-knowledge proofs. Finally, the data availability layer under PeerDAS stores only anonymous fragments for a limited time, making it consistent with GDPR’s data minimization principle.
Reggianini claims that by concentrating data controllership on the application layer and leveraging PETs, Ethereum can protect user privacy without sacrificing its core principles.
Nevertheless, the success of the framework depends on wide community adoption, developer buy-in and potential alignment with EU regulators.