The European Blockchain Association (EBA) welcomes the European Data Protection Board’s (EDPB) draft guidelines on the application of the General Data Protection Regulation (GDPR) to blockchain-based data processing. This pivotal development signals a long-awaited evolution in Europe’s regulatory stance toward decentralised technologies.
For years, the EBA has advocated for a modernised, technically grounded approach to GDPR enforcement that reflects the operational realities of public blockchains like Ethereum. With the publication of Guidelines 02/2025, the EDPB takes a crucial step forward—acknowledging the unique legal-technical challenges posed by decentralised infrastructures.
🔍 Key Takeaways from the EDPB Draft
- Decentralisation is not deregulation. The EDPB confirms that GDPR applies fully to permissionless blockchains, with nuanced role assignments for node operators, validators, and smart contract developers.
- The concept of ‘controller’ must evolve. Traditional interpretations of data controllership struggle to fit the modular architectures of modern blockchain systems. The guidelines call for deeper analysis of actors across execution, consensus, and data availability layers.
- Erasure in immutable systems is possible—by design. The EDPB highlights metadata erasure and off-chain storage as viable solutions to honour the right to be forgotten, even when on-chain data remains permanent.
- Privacy-by-default must be built in. From zero-knowledge proofs to enshrined proposer-builder separation (ePBS), the guidance underscores the importance of privacy-enhancing technologies (PETs) in meeting GDPR obligations.
📄 EBA’s Full Technical-Legal Response
In response to the consultation, the EBA submitted a detailed analysis grounded in real-world blockchain architectures, particularly Ethereum. Our reply includes:
- A taxonomy of actors and responsibilities under modular network designs.
- Legal and technical interpretations of execution-layer, consensus-layer, and data availability-layer roles.
- A harmonised GDPR compliance framework tailored for decentralised systems.
- Policy recommendations for avoiding controller ambiguity and ensuring practical implementation of privacy rights.
Through protocol innovations such as zk-SNARKs, PeerDAS, and fully homomorphic encryption, we demonstrate that decentralisation and data protection are not mutually exclusive—but must co-evolve through coordinated effort.
🤝 Call for Ongoing Collaboration
As Europe prepares to implement the AI Act and expand its Digital Decade agenda, this dialogue between regulators and decentralised system developers is more vital than ever. Legal certainty must not come at the cost of technological progress—or vice versa.
The EBA remains committed to supporting regulatory bodies, privacy advocates, and blockchain communities in crafting a compliance-first, innovation-forward future for Europe.