The European Data Protection Board (EDPB) recently published Guidelines 02/2025 on the processing of personal data through blockchain technologies, raising concerns within the web3 community. One particular line in paragraph 63 has sent shockwaves through the industry: “When deletion has not been taken into account by design, this may require deleting the whole blockchain.”
This clause essentially turns the General Data Protection Regulation (GDPR) into a potential kill-switch for permissionless networks like Bitcoin and Ethereum. The directive poses a significant challenge to the fundamental principles of blockchain technology, which relies on decentralization and immutability.
GDPR was not crafted with tamper-proof ledgers in mind. The regulation assumes data is stored on centralized servers that can be easily controlled and erased. However, the decentralized nature of public blockchains makes it nearly impossible to comply with the “right to be forgotten” stipulated in Article 17 of the GDPR.
The EDPB’s guidelines also pose a threat to Europe’s ambitions for a sovereign cloud infrastructure. By potentially rendering decentralized cloud solutions illegal, the region risks falling behind in the global tech race and remaining dependent on foreign providers.
Moreover, the draft guidelines could hinder innovation and investment in European web3 projects, pushing developers towards centralized solutions and stifling growth in the decentralized space. By labeling volunteer validators as “data controllers,” the guidelines create unnecessary liabilities and barriers to entry.
A more balanced approach that acknowledges cryptographic deletion and clarifies the status of validators could align GDPR with the technical realities of blockchain technology. By revising paragraph 63 and promoting privacy-by-design principles, Europe can safeguard both privacy and decentralization while fostering innovation in the digital space.
As the public-comment period comes to a close, stakeholders in the web3 community, including builders, investors, and policymakers, must engage with the EDPB to ensure that Europe’s digital future remains open and decentralized. By addressing the concerns raised by the guidelines, the region can position itself as a leader in privacy-preserving technologies while fostering a thriving ecosystem of decentralized solutions.
Kai Wawrzinek, co-founder of the Impossible Cloud & Impossible Cloud Network, emphasizes the importance of finding a middle ground that protects privacy without stifling innovation. With the right approach, Europe can navigate the complexities of blockchain technology while upholding its commitment to data protection and digital sovereignty.