This discussion was originally part of https://discuss.flarum.org/d/23859-recruiting-testers-for-end-to-end-encrypted-private-messaging-extension/20
This opens up an awkward can of worms for GDPR in the sense that if you are requested by subpoena or similar court order to disclose information relating to any ongoing or incumbent case and it is encrypted, there will be issues arising from this in the sense that you are not able to provide the information requested.
Similarly, Nobody should expect any level of privacy on a system that is not owned by them, or the information is not stored on their device. All compliance departments in organisations will review all messages using keyword searches, and the inability to search an encrypted message is considered non-compliant by financial regulators. It is for this reason what when such financial institutions send an encrypted message, a non-encrypted copy is placed in the archive before submission to ensure it can be searched and presented as evidence in any court of law when requested.
As @Yalfoosh has already stated, true "private messaging" would indicate that nobody else - even in the case of a mod, can view the content of that message. In this case, it could only be classed as a DM (Direct Message). Encrypting the content is all well and good, but the ability to decrypt is paramount in certain legal situations. On the flip side, any conversation leaked via the DB will be encrypted if this ever took place (provided it's done at DB level and not on the fly in the browser of course).
My view is that we should stick with DM, and state in privacy policies that moderators both have access to, and reserve the right to view content and present in a court of law if requested.
Let's use the example of a terrorist cell or perhaps even a paedophile ring (extreme, but...) who decides to use your Private Messaging system for nefarious purposes, and you cannot see or moderate the content. It cannot be decrypted if you are using one-way encryption such as bCrypt, and therefore, you could not raise the alarm or alert local law enforcement or similar bodies should the need arise.
GDPR is one thing, but the local laws which fluctuate heavily dependant on jurisdiction is another. We could use @ianm "decontaminate" extension (which in itself would probably need refactoring) to eliminate PII automatically.