Ethereum Proposal Outlines GDPR Compliance Path through Modular Design
Because the broader Ethereum ecosystem and its core ideas evolve to deal with knowledge privateness issues, a brand new proposal recommends a modular compliance technique as a path to reconcile public blockchains with the European Union’s Basic Information Safety Regulation (GDPR).
On June 9, a proposal drafted by Ethereum neighborhood member Eugenio Reggianini urged the usage of modular structure for efficient knowledge administration and privateness.
“By pushing private knowledge to the perimeters (wallets and DApps), utilizing offchain storage with metadata-erasure, and splitting roles cryptographically, we are able to focus GDPR controller duties on a small set of entities, whereas the broader community turns into mere processors or falls out of scope,” Reggianini mentioned.
Ethereum’s transition to a modular structure may allow the combination of varied privacy-enhancing applied sciences (PETs), which, in accordance with Reggianini, can obtain GDPR compliance in permissionless blockchain environments.
Associated: Vitalik desires to make Ethereum ‘so simple as Bitcoin’ in 5 years
Technical roadmap: PETs to the rescue
The proposal outlines a number of applied sciences already being built-in or proposed for Ethereum that assist scale back private knowledge publicity, together with proto-danksharding (EIP-4844), which limits transaction blob lifespans to round 18 days, implementing storage minimization.
Zero-Data Succinct Non-Interactive Argument of Data (zk-SNARKs) also can assist enhance privateness as they contain validators confirming succinct cryptographic proofs slightly than viewing transaction payloads, dramatically decreasing onchain knowledge visibility.
Different PET integrations that would assist with GDPR compliance embody Absolutely Homomorphic Encryption and Trusted Execution Environments (TEEs), multiparty computation (MPC), Proposer-Builder Separation (PBS) and Peer Information Availability Sampling (PeerDAS).
Ethereum’s modular compliance technique
The proposal breaks down GDPR implications throughout the Ethereum community’s three layers: the execution layer, consensus layer and knowledge availability layer.
The execution layer would function as processors relaying solely encrypted or blinded knowledge, whereas the consensus layer would solely validate commitments and zero-knowledge proofs. Lastly, the information availability layer, underneath PeerDAS, would retailer solely nameless shards for restricted timeframes, bringing them consistent with GDPR’s knowledge minimization precept.
By focusing knowledge controllership on the applying layer and leveraging PETs, Ethereum can shield person privateness with out sacrificing its core ideas, Reggianini claimed.
Nevertheless, the framework’s success will depend upon broad neighborhood adoption, developer buy-in, and potential alignment with EU regulators.
Journal: Child boomers price $79T are lastly getting on board with Bitcoin