Original Title: 'ETH New Proposal: Modular Architecture + Privacy Enhancement to Comply with EU GDPR Data Regulations, What Are Its Features?'
Original Author: Editor Jr., BlockTempo
ETH community member Eugenio Reggianini published a new proposal on EthResear.ch on June 9th, proposing that through modular architecture and privacy enhancement technologies (PETs), ETH can maintain its decentralized characteristics while meeting the EU General Data Protection Regulation (GDPR) data protection requirements.
The ultimate goal is to centralize personal data management responsibilities at the application layer, ensuring that underlying infrastructure only processes anonymous or pseudonymized data, thereby protecting user privacy while maintaining ETH's decentralization vision.
Modular Architecture: Redefining Data Management Roles
The core of Reggianini's proposal is ETH's modular architecture, dividing the network into execution, consensus, and data availability layers, and clearly distinguishing between "controllers" (those determining data purposes) and "processors" (those merely processing data). Personal data is pushed to the edge (wallets and decentralized applications) and uses off-chain storage and metadata elimination techniques to reduce on-chain data exposure risks. Reggianini believes this method limits GDPR controller responsibilities to a few entities (such as application developers), making most network nodes merely processors or completely exempt from regulations, reducing compliance burdens.
Privacy Enhancement Technologies: Core Tools for Data Protection
The proposal introduces multiple privacy enhancement technologies (PETs), including:
· Proto-Danksharding (EIP-4844): Storing transaction data blocks off-chain and pruning after approximately 18 days, achieving data minimization.
· zk-SNARKs: Validators only verify concise encrypted proofs, not original transaction contents, reducing data visibility.
· Fully Homomorphic Encryption and Trusted Execution Environments (TEEs): Performing computations on encrypted data, ensuring nodes cannot see plaintext.
· Multi-Party Computation (MPC) and Proposer-Builder Separation (PBS): Dispersing data processing permissions, reducing single node access to personal data.
· PeerDAS: Storing data in erasure-coded fragments, with nodes holding incomprehensible fragments that automatically expire.
Reggianini explains that these technologies will significantly reduce on-chain personal data exposure risks, meet GDPR's data minimization and appropriate technical measures requirements, while preserving blockchain's decentralized characteristics.
Layered Role Allocation: Compliance Strategy with Distinct Responsibilities
The proposal divides ETH transaction processing into three layers, with GDPR compliance strategies for each:
· Execution Layer: Wallets and application frontends submit encrypted data as controllers; relay nodes and block builders process hidden data as processors.
· Consensus Layer: Validators only process proofs and commitments, not involving personal data, becoming neutral validators outside GDPR scope.
· Data Availability Layer: Through PeerDAS, nodes briefly store anonymous data fragments, complying with data minimization principles.
Reggianini states that through layered design, personal data is transformed or abstracted before entering the blockchain to ensure privacy protection and compliance.
Collaborative Governance: Key to Achieving Compliance
Reggianini also emphasizes that the proposal's success depends on widespread community adoption of privacy enhancement technologies, developer support, and potential alignment with EU regulatory bodies. Through a collaborative governance model, ETH can establish voluntary codes of conduct, further clarifying role divisions and reducing compliance risks.
Effect: Collaborative governance ensures technological and regulatory requirements align, promoting sustainable development of the ETH ecosystem.
