A Systematic Literature Review of the Tension between the GDPR and Public Blockchain Systems
The blockchain technology has been rapidly growing since Bitcoin was invented in 2008. The most common type of blockchain systems, public (permisionless) blockchain systems have some unique features that lead to a tension with European Union's General Data Protection Regulation (GDPR) and other similar data protection laws. In this paper, we report the results of a systematic literature review (SLR) on 114 research papers discussing and/or addressing such a tension. To be the best of our know, our SLR is the most comprehensive review of this topic, leading a more in-depth and broader analysis of related research work on this important topic. Our results revealed that three main types of issues: (i) difficulties in exercising data subjects' rights such as the `right to be forgotten' (RTBF) due to the immutable nature of public blockchains; (ii) difficulties in identifying roles and responsibilities in the public blockchain data processing ecosystem (particularly on the identification of data controllers and data processors); (iii) ambiguities regarding the application of the relevant law(s) due to the distributed nature of blockchains. Our work also led to a better understanding of solutions for improving the GDPR compliance of public blockchain systems. Our work can help inform not only blockchain researchers and developers, but also policy makers and law markers to consider how to reconcile the tension between public blockchain systems and data protection laws (the GDPR and beyond).
READ FULL TEXT