INATBA's Privacy Working Group Publishes a Paper on Leveraging Zero-Knowledge Proofs for GDPR Compliance in Blockchain Projects

Published on October 15, 2024

INATBA’s Privacy Working Group has released a position paper titled “Leveraging Zero-Knowledge Proofs for GDPR Compliance in Blockchain Projects.” This document explores the challenges of aligning blockchain technology with GDPR requirements and how Zero-Knowledge Proofs (ZKPs) offer innovative solutions to protect privacy while maintaining blockchain’s decentralized nature.

GDPR imposes strict requirements, such as the right to be forgotten and data minimization, that are difficult to implement on blockchain due to its immutable structure. Additionally, decentralized systems make it hard to assign accountability, as there are no clear data controllers or processors. These challenges complicate GDPR compliance in a blockchain context.

ZKPs provide a solution by allowing the verification of data without revealing personal details. Sensitive data can remain off-chain, while only cryptographic proofs are stored on-chain. This helps meet GDPR’s data minimization and erasure requirements without compromising security or transparency.

Key points:

  • Blockchain’s immutable structure conflicts with GDPR’s requirements, such as data erasure and minimization.
  • ZKPs allow data verification without revealing personal information: sensitive data stays off-chain, and only cryptographic proofs are stored on-chain.
  • Personal data can be effectively erased by revoking cryptographic keys, aligning with GDPR’s right to be forgotten.
  • Recent advancements in ZKP technology, including ZK Virtual Machines (ZK VMs) and frameworks like snarkJS, make ZKPs easier to implement.
  • Applications of ZKPs are emerging in identity verification, privacy-preserving transactions, and secure e-voting systems, offering practical solutions for GDPR compliance.

We would like to thank the authors of the paper: Dave Zein (Block-Staff, Co-Chair of the Privacy Working Group, Czech Republic) and Wiktor Pinkwart (token.com, Co-Chair of the Privacy Working Group, Poland), and the reviewers: Catarina Silva (EUBOF Expert Group, Portugal), Geoffrey Goodell (INATBA Academic Advisory Body Member, UCL Blockchain, United Kingdom), Harris Niavis (Inlecom, Greece), Jonathan Heiss (INATBA Academic Advisory Body Member, TU Berlin, Germany), Jörn Erbguth (EUBOF Expert Group, Switzerland), Sharmin Chougule (INATBA Academic Advisory Body Member, University of Camerino, UNIDROIT, Italy), Sophoclis Stephanou (Blockchain.com, United Kingdom), Stéphanie Attias (The Sandbox, France).