Cryptonews Ethereum News

New Ethereum GDPR Blueprint Recasts Wallets as Controllers, Lets Validators Off the Hook

Ethereum developers are exploring privacy-preserving infrastructure to limit exposure without compromising decentralization while operating in Europe.

Author

Hongji Feng

Author

Hongji Feng

About Author

Hongji is a crypto and tech reporter. He graduated from Northwestern University's Medill School of Journalism with a Bachelor's and a Master's. He has previously interned at HTX (Huobi Global),...

Author Profile

Last updated:

June 9, 2025

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

Key Takeaways:

Ethereum community member Eugenio Reggianini published a GDPR compliance proposal on June 9 as part of the European Blockchain Association’s consultation response.
The proposal recommends keeping personal data off-chain and using privacy-preserving technologies to reduce exposure across Ethereum’s modular architecture.
A new role classification framework would assign GDPR controller status only to front-end actors like wallets and dApps.

Ethereum community member Eugenio Reggianini (“EugeRe”) has outlined a set of privacy and data management practices to help align Ethereum’s architecture with European Union data protection rules.

The proposal was published on June 9 as part of the European Blockchain Association’s response to the General Data Protection Regulation (GDPR) consultations. It recommends assigning data controller status to front-end actors, such as wallets and dApps, while lower-layer infrastructure should only process encrypted or anonymized data.

Ethereum Roles Reclassified Under GDPR

According to the proposal, personal data should be kept off-chain, with blockchain nodes relaying only references or proofs rather than identifiable information.

To minimize exposure across the protocol, the proposal references a number of privacy-enhancing techniques. These include zk-SNARK execution, proposer-builder separation, data availability sampling, and homomorphic encryption.

Reggianini suggests that recent developments like proto-danksharding could help enforce data minimization through temporary storage and automatic pruning.

The document also proposes a new classification for blockchain participants under GDPR. Wallet providers and dApp developers would retain controller status, while mempool relays, validators, and data availability nodes would be treated as processors or considered out of scope if they handle only non-identifiable fragments.

The proposal calls for Ethereum’s modular structure to serve as a framework for compliance, reducing exposure by design. Role separation within the execution, consensus, and data availability layers is emphasized as a strategy to manage risk while maintaining Ethereum’s permissionless nature.

Announcing the Ethereum Foundation Treasury Policyhttps://t.co/bU566m1zX5
— Ethereum Foundation (@ethereumfndn) June 4, 2025

EU Rules Prompt Restructuring and Retreat

The summary concludes that GDPR compliance for Ethereum is technically achievable if personal data remains at the application level and never propagates to base-layer infrastructure. This, it argues, would allow compliance with existing law without imposing central controls on the network.

Several crypto projects have restructured to comply with GDPR by shifting identity checks and data storage off-chain. Others, lacking technical capacity or legal clarity, have withdrawn from the European Union altogether.

The law’s strict definition of controllership has drawn criticism for applying centralized assumptions to decentralized networks. Projects like Worldcoin have faced bans over biometric data use, stressing the tension between data rights and open protocols.

Reggianini’s proposal adds to growing calls for a more nuanced regulatory approach, one that recognizes the technical roles of blockchain participants rather than treating all nodes as data controllers.

Frequently Asked Questions (FAQs)

Why is the GDPR difficult for public blockchains like Ethereum?

The GDPR was written for centralized systems with clear data controllers. Public blockchains, by contrast, distribute data processing across thousands of nodes, making it unclear who is responsible for compliance.

What are the risks of non-compliance with GDPR in blockchain systems?

Entities processing personal data without a legal basis could face heavy fines, enforcement actions, or be forced to exit the EU market altogether.

Could GDPR frameworks eventually change to accommodate decentralized tech?

Some policymakers and advocacy groups are calling for legal updates that better distinguish between active controllers and passive processors in blockchain networks, but no official changes have been made yet.