A systematic literature review of the tension between the GDPR and public blockchain systems

IF 6.9 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Blockchain-Research and Applications Pub Date : 2023-06-01 DOI:10.1016/j.bcra.2023.100129

Rahime Belen-Saglam , Enes Altuncu , Yang Lu , Shujun Li

{"title":"A systematic literature review of the tension between the GDPR and public blockchain systems","authors":"Rahime Belen-Saglam , Enes Altuncu , Yang Lu , Shujun Li","doi":"10.1016/j.bcra.2023.100129","DOIUrl":null,"url":null,"abstract":"<div><p>Blockchain technology has been rapidly growing since Bitcoin was invented in 2008. The most common type of blockchain system, public (permissionless) blockchain system, has some unique features that lead to a tension with the European Union’s General Data Protection Regulation (GDPR) and other similar data protection laws. In this paper, we report the results of a systematic literature review (SLR) on 114 research papers discussing and/or addressing such a tension. To the best of our knowledge, our SLR is the most comprehensive review of this tension, leading to a more in-depth and broader analysis of related research work on this important topic. Our results revealed three main types of issues: (i) difficulties in exercising data subjects’ rights such as the ‘right to be forgotten’ (RTBF) due to the immutable nature of public blockchains; (ii) difficulties in identifying roles and responsibilities in the public blockchain data processing ecosystem (particularly on the identification of data controllers and data processors); and (iii) ambiguities regarding the application of the relevant law(s) due to the distributed nature of blockchains. Our work also led to a better understanding of solutions for improving the GDPR compliance of public blockchain systems. It can help inform not only blockchain researchers and developers but also policymakers and law markers to consider how to reconcile the tension between public blockchain systems and data protection laws (the GDPR and beyond).</p></div>","PeriodicalId":53141,"journal":{"name":"Blockchain-Research and Applications","volume":"4 2","pages":"Article 100129"},"PeriodicalIF":6.9000,"publicationDate":"2023-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Blockchain-Research and Applications","FirstCategoryId":"1093","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2096720923000040","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 5

Abstract

Blockchain technology has been rapidly growing since Bitcoin was invented in 2008. The most common type of blockchain system, public (permissionless) blockchain system, has some unique features that lead to a tension with the European Union’s General Data Protection Regulation (GDPR) and other similar data protection laws. In this paper, we report the results of a systematic literature review (SLR) on 114 research papers discussing and/or addressing such a tension. To the best of our knowledge, our SLR is the most comprehensive review of this tension, leading to a more in-depth and broader analysis of related research work on this important topic. Our results revealed three main types of issues: (i) difficulties in exercising data subjects’ rights such as the ‘right to be forgotten’ (RTBF) due to the immutable nature of public blockchains; (ii) difficulties in identifying roles and responsibilities in the public blockchain data processing ecosystem (particularly on the identification of data controllers and data processors); and (iii) ambiguities regarding the application of the relevant law(s) due to the distributed nature of blockchains. Our work also led to a better understanding of solutions for improving the GDPR compliance of public blockchain systems. It can help inform not only blockchain researchers and developers but also policymakers and law markers to consider how to reconcile the tension between public blockchain systems and data protection laws (the GDPR and beyond).

查看原文本刊更多论文

GDPR与公共区块链系统之间紧张关系的系统文献综述

自2008年比特币发明以来，区块链技术一直在快速发展。最常见的区块链系统类型是公共（无许可）区块链系统，它具有一些独特的特征，导致与欧盟《通用数据保护条例》（GDPR）和其他类似的数据保护法律之间存在紧张关系。在本文中，我们报告了对114篇讨论和/或解决这种紧张关系的研究论文的系统文献综述（SLR）的结果。据我们所知，我们的SLR是对这种紧张关系最全面的回顾，从而对这一重要主题的相关研究工作进行了更深入、更广泛的分析。我们的研究结果揭示了三种主要类型的问题：（i）由于公共区块链的不可变性质，难以行使数据主体的权利，如“被遗忘权”（RTBF）；（ii）在确定公共区块链数据处理生态系统中的角色和责任方面存在困难（特别是在确定数据控制者和数据处理者方面）；以及（iii）由于区块链的分布式性质，在适用相关法律方面存在歧义。我们的工作还使我们更好地了解了提高公共区块链系统GDPR合规性的解决方案。它不仅可以帮助区块链研究人员和开发者，还可以帮助决策者和法律标记者考虑如何调和公共区块链系统与数据保护法（GDPR及其他）之间的紧张关系。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Blockchain-Research and Applications

CiteScore

11.30

自引率

3.60%

发文量

期刊介绍： Blockchain: Research and Applications is an international, peer reviewed journal for researchers, engineers, and practitioners to present the latest advances and innovations in blockchain research. The journal publishes theoretical and applied papers in established and emerging areas of blockchain research to shape the future of blockchain technology.