Tension between GDPR and Public Blockchains: A Data-Driven Analysis of Online Discussions

Since coming into effect in May 2018, the EU General Data Protection Regulation (GDPR) has raised serious concerns among users of public (permissionless) blockchain systems. Such concerns are triggered by a tension between some unique characteristics of public blockchain systems and some new data subject rights introduced in the GDPR, e.g., the data immutability and the “right to erasure” (a.k.a. “the right to be forgotten”). The aim of this work is to understand how service providers and developers behind public blockchain systems have communicated about such GDPR-related challenges to their users and how the users have perceived such GDPR-related issues. To this end, for 50 public blockchain systems whose corresponding cryptocurrency had a capital market size over $150 million, we analyzed relevant communications and discussions on the following three online channels: blog and forums posts, GitHub repositories, and discussions on Twitter. Our results show that service providers and developers of the selected public blockchain systems did not play an active role in GDPR-related online discussions on Twitter. They also did not communicate with their users about GDPR on their forums and blogs frequently, where we could identify only 56 posts out of 17,821 posts for the period we studied. Our study also reveals that only an extreme minority of the studied systems (4) mentioned GDPR in their GitHub repositories. Our work adds new evidence on the lack of transparency and active communications of the public blockchain sector on the challenging GDPR compliance issue of public blockchain systems.