Quick Search:

A systematic literature review of the tension between the GDPR and public blockchain systems

Belen-Saglam, Rahime ORCID: https://orcid.org/0000-0002-6969-6451, Altuncu, Enes ORCID: https://orcid.org/0000-0002-1362-9700, Lu, Yang ORCID: https://orcid.org/0000-0002-0583-2688 and Li, Shujun ORCID: https://orcid.org/0000-0001-5628-7328 (2023) A systematic literature review of the tension between the GDPR and public blockchain systems. Blockchain: Research and Applications (100129). p. 100129.

1-s2.0-S2096720923000040-main.pdf - Published Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.

| Preview


The blockchain technology has been rapidly growing since Bitcoin was invented in 2008. The most common type of blockchain systems, public (permissionless) blockchain systems have some unique features that lead to a tension with European Union's General Data Protection Regulation (GDPR) and other similar data protection laws. In this paper, we report the results of a systematic literature review (SLR) on 114 research papers discussing and/or addressing such a tension. To the best of our knowledge, our SLR is the most comprehensive review of this topic, leading a more in-depth and broader analysis of related research work on this important topic. Our results revealed three main types of issues: (i) difficulties in exercising data subjects' rights such as the ‘right to be forgotten’ (RTBF) due to the immutable nature of public blockchains; (ii) difficulties in identifying roles and responsibilities in the public blockchain data processing ecosystem (particularly on the identification of data controllers and data processors); (iii) ambiguities regarding the application of the relevant law(s) due to the distributed nature of blockchains. Our work also led to a better understanding of solutions for improving the GDPR compliance of public blockchain systems. Our work can help inform not only blockchain researchers and developers, but also policy makers and law markers to consider how to reconcile the tension between public blockchain systems and data protection laws (the GDPR and beyond).

Item Type: Article
Status: Published
DOI: https://doi.org/10.1016/j.bcra.2023.100129
School/Department: School of Science, Technology and Health
URI: https://ray.yorksj.ac.uk/id/eprint/7272

University Staff: Request a correction | RaY Editors: Update this record