Skip to main content
Kent Academic Repository

A systematic literature review of the tension between the GDPR and public blockchain systems

Belen-Saglam, Rahime, Altuncu, Enes, Lu, Yang, Li, Shujun (2023) A systematic literature review of the tension between the GDPR and public blockchain systems. Blockchain: Research and Applications, 4 (2). pp. 1-23. E-ISSN 2666-9536. (doi:10.1016/j.bcra.2023.100129) (KAR id:101787)

Abstract

Blockchain technology has been rapidly growing since Bitcoin was invented in 2008. The most common type of blockchain system, public (permissionless) blockchain system, has some unique features that lead to a tension with the European Union’s General Data Protection Regulation (GDPR) and other similar data protection laws. In this paper, we report the results of a systematic literature review (SLR) on 114 research papers discussing and/or addressing such a tension. To the best of our knowledge, our SLR is the most comprehensive review of this tension, leading to a more in-depth and broader analysis of related research work on this important topic. Our results revealed three main types of issues: (i) difficulties in exercising data subjects’ rights such as the ‘right to be forgotten’ (RTBF) due to the immutable nature of public blockchains; (ii) difficulties in identifying roles and responsibilities in the public blockchain data processing ecosystem (particularly on the identification of data controllers and data processors); and (iii) ambiguities regarding the application of the relevant law(s) due to the distributed nature of blockchains. Our work also led to a better understanding of solutions for improving the GDPR compliance of public blockchain systems. It can help inform not only blockchain researchers and developers but also policymakers and law markers to consider how to reconcile the tension between public blockchain systems and data protection laws (the GDPR and beyond).

Item Type: Article
DOI/Identification number: 10.1016/j.bcra.2023.100129
Additional information: For the purpose of open access, the author has applied a CC BY public copyright licence to any Author Accepted Manuscript version arising from this submission.
Uncontrolled keywords: Blockchain, Distributed ledgers, Privacy, Data protection law, Legal compliance, GDPR, EU, EEA, UK
Subjects: H Social Sciences > HF Commerce > HF5548.32 E-commerce
K Law > KZ Law of Nations
Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
T Technology > TK Electrical engineering. Electronics. Nuclear engineering > TK5101 Telecommunications > TK5105 Data transmission systems > TK5105.5 Computer networks
T Technology > TK Electrical engineering. Electronics. Nuclear engineering > TK5101 Telecommunications > TK5105 Data transmission systems > TK5105.5 Computer networks > TK5105.875.I57 Internet
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
University-wide institutes > Institute of Cyber Security for Society
Funders: Engineering and Physical Sciences Research Council (https://ror.org/0439y7842)
Depositing User: Shujun Li
Date Deposited: 21 Jun 2023 10:28 UTC
Last Modified: 04 Mar 2024 15:54 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/101787 (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.