BTC>The Lightning Network (LN) and GDPR share a goal of empowering individuals to have more control over their personal data. However there are challenges in both technical aspects. For example LN reduces on chain data storage, which aligns with GDPRs data minimization principles.
When it comes to pseudonymity, versus anonymity, data controllers and processors must consider that LN transactions are linked to pseudonymous addresses rather than directly to personal identities. By implementing anonymity measures it becomes easier to uphold another core GDPR principle; the right to be forgotten.
Additionally determining the roles of data controllers and processors is complicated by the nature of LN.
Stepping back for a perspective the question arises; Should messages exchanged in LN be considered "personal data " or should they exclusively be viewed as financial data?
heres the thing though.. when LN routers are classed as payment facilitators, it then becomes a purpose to collect certain data, and retain it for a legally required time. so its not a use once and forget thing
as for the onion routed packets.. they are both personal data and financial, as the channel ID and HTLC addresses are the personal, and the msat amount and fee is the financial