GDPR Compliant Blockchains-A Systematic Literature Review

TL;DR

This systematic review analyzes how blockchain technology aligns with GDPR, categorizing relevant articles and research domains, and identifying gaps to guide future research in GDPR-compliant blockchains.

Contribution

It provides a comprehensive synthesis of existing literature on GDPR compliance in blockchains, categorizing articles and research domains, and highlighting key gaps and future directions.

Findings

GDPR articles relevant to blockchains are categorized into six groups.

Seven research domains where GDPR compliant blockchains are discussed.

Identified key research gaps and proposed future research directions.

Abstract

Although blockchain-based digital services promise trust, accountability, and transparency, multiple paradoxes between blockchains and GDPR have been highlighted in the recent literature. Some of the recent literature also proposed possible solutions to these paradoxes. This article aims to conduct a systematic literature review on GDPR compliant blockchains and synthesize the findings. In particular, the goal was to identify 1) the GDPR articles that have been explored in prior literature; 2) the relevant research domains that have been explored, and 3) the research gaps. Our findings synthesized that the blockchains relevant GDPR articles can be categorized into six major groups, namely data deletion and modification (Article 16, 17, and 18), protection by design by default (Article 25), responsibilities of controllers and processors (Article 24, 26, and 28), consent management (Article 7), data processing principles and lawfulness (Article 5,6 and 12), and territorial scope (Article 3). We also found seven research domains where GDPR compliant blockchains have been discussed, which include IoT, financial data, healthcare, personal identity, online data, information governance, and smart city. From our analysis, we have identified a few key research gaps and present a future research direction.