Listen, I recently came across an interesting topic about Ethereum and privacy — I think you will understand and be curious, especially if you are interested in blockchain and how it can fit into laws such as the European GDPR.
Ethereum has such a task — to remain decentralized and public, but at the same time not to violate the confidentiality of user data. In Europe, there is a fairly strict regulation on the protection of personal data — GDPR. And so one of the members of the Ethereum community, Eugenio Reggianini, proposed a strategy on how to combine this.
The idea is to use a modular architecture. This means that different parts of the system will perform different data storage and processing tasks. For example, personal data will not enter the blockchain directly — it will remain on the user's side, in his wallet or DApp. And only encrypted or anonymous pieces of data will be used on the blockchain itself, and only temporarily.
At the same time, Ethereum will use all kinds of advanced privacy technologies — PETs (Privacy-Enhancing Technologies). This, for example:
Proto-danksharding is a technology that limits the lifetime of large chunks of data to 18 days.
zk-SNARKs — allows you to verify transactions without disclosing the data itself.
Homomorphic encryption, multiparty computing (MPC), and reliable runtime environments (TEEs) all help you work with data without violating its privacy.
PBS (separation of developers and customers) and PeerDAS provide anonymity and minimize data storage.
In short, the idea is to spread responsibility: someone will process the data, someone will just confirm that everything is correct, and someone will temporarily store it in encrypted form. Due to this, most of the Ethereum network will not fall under the strict GDPR rules, and all responsibility will focus only on the application layers (wallets, dApps).
But there is a caveat. For all of this to work, developers and users need to really start using this architecture. Plus, we have yet to reach an agreement with European regulators so that they recognize this as GDPR compliant.
What do you think: is it really possible to rebuild the public blockchain in such a way that it becomes truly compatible with privacy laws?
