Ethereum in the European Union: modular proposal seeks to comply with GDPR

• Ethereum Seeks EU GDPR Compliance
• Blockchain privacy with decentralized modular architecture
• Using zk-SNARKs and PETs to Secure Crypto Data

The Ethereum ecosystem is making progress in its attempt to adapt the network to the privacy requirements set forth by the European Union’s General Data Protection Regulation (GDPR). A new proposal published by Ethereum community member Eugenio Reggianini suggests a modular architecture-based approach to handling personal data in a way that is compatible with European guidelines.

According to the author, the central idea is to move the storage of personal information to wallets and decentralized applications (DApps), avoiding keeping it directly on the blockchain. “By sending personal data to the edges, using off-chain storage with metadata elimination, and cryptographically dividing functions, we can concentrate the GDPR controller's tasks in a small set of entities,” explained Reggianini.

New post on https://t.co/neli1nzo0Y !

A pathway for GDPR Data Management Privacy for Ethereum

By:
– EugeRe

🔗 https://t.co/TyONivbytM

Highlights:
– Ethereum can integrate GDPR principles by managing personal data off-chain and using encryption to protect it.
– Roles in data…

— ethresearchbot (@ethresearchbot) June 9, 2025

The proposal details how different layers of the Ethereum network could be brought into line with GDPR requirements. The execution layer, for example, would act only as a transmitter of encrypted data. The consensus layer would be limited to validating cryptographic proofs through methods such as zk-SNARKs, reducing the exposure of on-chain data.

Among the privacy-enhancing technologies (PETs) cited in the proposal are fully homomorphic encryption, trusted execution environments (TEEs), multiparty computation (MPC), proto-danksharding (EIP-4844), proposer-builder separation (PBS), and PeerDAS — the latter aimed at temporary and fragmented data storage.

The plan aims to apply the principle of data minimization, a pillar of the GDPR, through fragmentation and limited retention time of personal information. With this, only the application layer would concentrate responsibility for user data.

The initiative still depends on developer engagement and acceptance by the Ethereum community. Its viability is also tied to ongoing dialogue with European regulators, seeking to ensure that the decentralized infrastructure does not conflict with legal data protection obligations.