Ethereum Proposal Outlines GDPR Compliance Path via Modular Design

While the wider Ethereum ecosystem and its core principles evolve in response to data privacy concerns, a new proposal recommends a modular compliance strategy to reconcile public blockchains with the European Union's General Data Protection Regulation (GDPR).

On June 9, a proposal written by Ethereum community member Eugenio Reggianini suggested using a modular architecture for effective data management and privacy.

“By pushing personal data on the edges (portfolios and DAPP), using storage out of the chain with a metadata-worries and dividing cryptographically, we can concentrate the tasks of the GDPR controller on a small set of entities, while the wider network becomes simple processors or falls outside the range,” said Reggianini.

Ethereum's transition to a modular architecture could allow the integration of various privacy-enhancing technologies (PETs), which, according to Reggianini, can achieve GDPR compliance in permissionless blockchain environments.

Source: ethresear.ch

Technical roadmap: PETs to the rescue

The proposal describes several technologies already integrated into or proposed for Ethereum that help reduce the exposure of personal data, including Proto-Danksharding (EIP-4844), which limits the lifetime of transaction data to around 18 days, enforcing storage minimization.

Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs) can also help improve confidentiality because validators confirm succinct cryptographic proofs rather than viewing transaction payloads, considerably reducing the visibility of onchain data.

Other PET integrations that could help with GDPR compliance include fully homomorphic encryption, trusted execution environments (TEEs), multi-party computation (MPC), proposer-builder separation (PBS) and peer data availability sampling (PeerDAS).

Proposed GDPR framework. Source: ethresear.ch

Ethereum modular compliance strategy

The proposal breaks down the implications of the GDPR across the three layers of the Ethereum network: the execution layer, the consensus layer and the data availability layer.

The execution layer would act as a processor relaying only encrypted or blinded data, while the consensus layer would validate only commitments and zero-knowledge proofs. Finally, the data availability layer, under PeerDAS, would store only anonymized data fragments for limited periods, bringing them in line with the GDPR's data minimization principle.
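The layer split described above can be sketched in a few lines. This is an added example, not code from the proposal or from Ethereum: the HMAC-SHA256 salted commitment, the `EdgeStore` class and the list standing in for onchain state are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def commit(salt: bytes, personal_data: bytes) -> str:
    """Salted commitment: the only value that is written onchain."""
    return hmac.new(salt, personal_data, hashlib.sha256).hexdigest()

class EdgeStore:
    """Hypothetical offchain store run by the dApp, i.e. the GDPR controller."""

    def __init__(self):
        self._records = {}                        # commitment -> (salt, data)

    def register(self, personal_data: bytes, chain: list) -> str:
        salt = secrets.token_bytes(32)            # fresh random salt per record
        c = commit(salt, personal_data)
        self._records[c] = (salt, personal_data)  # data and salt stay at the edge
        chain.append(c)                           # the ledger sees only the digest
        return c

    def disclose(self, c: str):
        """Return (salt, data) for an authorised verifier, or None if erased."""
        return self._records.get(c)

    def erase(self, c: str) -> bool:
        """Erasure request: drop data and salt; the chain is not touched."""
        return self._records.pop(c, None) is not None

def verify(c: str, salt: bytes, personal_data: bytes) -> bool:
    return hmac.compare_digest(c, commit(salt, personal_data))

def guessable(c: str, candidates: list, salt: bytes = b"") -> bool:
    """Can someone holding only the onchain value confirm a guessed record?"""
    return any(hmac.compare_digest(c, commit(salt, g)) for g in candidates)

def demo() -> dict:
    chain = []                                    # stand-in for onchain state
    store = EdgeStore()
    record = b"alice@example.org"                 # constructed sample data
    guesses = [b"bob@example.org", record]
    c = store.register(record, chain)
    salt, data = store.disclose(c)
    out = {"verifies": verify(c, salt, data)}
    # An unsalted commitment to low-entropy data can be confirmed by guessing.
    out["unsalted_guessable"] = guessable(commit(b"", record), guesses)
    out["salted_guessable"] = guessable(c, guesses)
    out["erased"] = store.erase(c)
    out["onchain_after_erase"] = chain == [c]
    out["disclose_after_erase"] = store.disclose(c)
    return out
```

After `erase`, the commitment is still onchain but the salt and data needed to open it exist nowhere, which is why the per-record random salt matters as much as keeping the data offchain.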

By concentrating data control at the application layer and leveraging PETs, Ethereum can protect users' confidentiality without sacrificing its basic principles, said Reggianini.

However, the success of the framework will depend on broad community adoption, developer buy-in and potential alignment with EU regulators.