A new proposal from the Ethereum community signals a bold step toward making the network compliant with the EU's General Data Protection Regulation (GDPR) — without compromising decentralization. The plan introduces a modular privacy architecture leveraging advanced cryptographic techniques, pushing personal data management to wallets and DApps while redesigning the roles of network layers.

• Ethereum introduces a GDPR-compliant privacy architecture through modular design.
• Personal data management shifts to edges of the network — wallets and DApps — limiting onchain exposure.
• Technologies like zk-SNARKs and proto-danksharding play a central role in reducing data visibility.

Ethereum’s Modular Privacy Vision

Ethereum community member Eugenio Reggianini has proposed a system that redefines how the blockchain handles user data. The privacy roadmap focuses on meeting GDPR standards by using a modular design and privacy-enhancing technologies (PETs) — including offchain storage, metadata erasure, cryptographic role splitting, and edge-based data processing.

The proposed modular privacy approach for Ethereum strategically rebuilds channels to redistribute responsibility across the network. Rather than placing the burden of data compliance on the core blockchain, the model shifts personal data management to the periphery — specifically to user wallets and decentralized applications (DApps), which would act as the primary data controllers. Meanwhile, the main Ethereum layers would function as data processors or, in some cases, fall entirely outside the scope of GDPR. This restructuring is designed to preserve user privacy without compromising the core values of decentralization.

Under this model, Ethereum’s architecture is divided into three privacy-aware layers. The execution layer would handle only encrypted or blinded data, ensuring that no personal information is exposed during transaction processing. The consensus layer would be responsible solely for validating cryptographic commitments and zero-knowledge proofs, thus avoiding direct interaction with sensitive data. Finally, the data availability layer — enhanced through Peer Data Availability Sampling (PeerDAS) — would store only anonymized data shards for short, predefined durations, aligning with GDPR’s principle of data minimization.

Several advanced technologies are embedded into this framework to support its privacy goals. These include zk-SNARKs, which enable transactions to be verified without revealing their contents, and proto-danksharding (EIP-4844), which limits transaction data availability to approximately 18 days. Other privacy-enhancing tools such as Fully Homomorphic Encryption, Trusted Execution Environments (TEEs), and Multi-Party Computation (MPC) further enhance the confidentiality of offchain computations. Together, these elements form a decentralized yet GDPR-aligned system that maintains Ethereum's transparency and security while safeguarding user data.

Expert Opinions and Quotes

“By pushing personal data to the edges (wallets and DApps), using offchain storage with metadata-erasure, and splitting roles cryptographically, we can focus GDPR controller duties on a small set of entities, while the wider network becomes mere processors or falls out of scope.” — Eugenio Reggianini, Ethereum community contributor

FAQs

What is Ethereum’s modular privacy proposal?
It’s a framework that redesigns Ethereum's architecture to make it GDPR-compliant using modular components, offchain storage, and advanced cryptography.

How does Ethereum aim to comply with GDPR?
By shifting personal data handling to the network’s edge (wallets and DApps), minimizing data storage, and using tools like zk-SNARKs and proto-danksharding, Ethereum can reduce its exposure to sensitive data.

What are zk-SNARKs and why are they important here?
zk-SNARKs are cryptographic proofs that verify transactions without revealing underlying data — key to maintaining privacy while ensuring network integrity.

Is Ethereum GDPR-compliant right now?
No. The proposed roadmap outlines a strategy toward compliance, but full adoption depends on community and regulatory support.

Why does Ethereum need GDPR compliance?
To expand adoption in regulated markets like the EU and protect user data while maintaining its decentralized nature.