The General Data Protection Regulation (GDPR) is a European Union law that introduces guidelines and obligations for managing electronic data. The obligations GDPR places are the need to put in security measures to protect electronic data and the privacy of the people using and accessing the information. Camilo (2019) explains that the GDPR has seven principles and elements that aim to promote accountability and protect its users’ privacy. These are fairness and transparency, lawfulness, purpose limitation, and accuracy. Others include confidentiality, integrity, accountability, storage limitation, and data minimization (Haque et al., 2021). From these seven key elements, the primary intention of the GDPR is to protect the privacy of electronic data users and to make the providers of online and electronic services accountable for breaches in the privacy rights of online users. But, the introduction of blockchain technology has made it difficult for organizations operating it within the legal provisions of the GDPR. For instance, articles 16 and 17 of the GDPR mandate that all organizations offering electronic services have to modify or erase their technology to comply with the legal requirements of promoting and protecting online users’ privacy (Zaeem & Barber, 2020). Once deployed, Blockchain technology is not flexible and difficult to erase or modify. Camilo (2019) explains the challenges in implementing the GDPR laws by organizations that deploy blockchain technology. The thesis title is: “Blockchains and GDPR: Exploring Compatibility and Compliance Challenges.”
The primary aim of this paper is to examine the technical elements of blockchain technology and the criteria for GDPR, aimed at protecting the privacy and security of blockchain users and the transparency of the technology in use. The paper looks at the conflict and the challenges between the decentralized nature of blockchain technology and centralized control requirements placed by the GDPR laws. The study aims at achieving the objectives through a comprehensive review of literature, legal analysis, and case studies. The study will also analyze the opportunities and potential risks related to applying the GDPR laws by companies offering blockchain services. Furthermore, the study aims to give blockchain providers, regulators, developers, and stakeholders a guideline to ensure their services are compatible and comply with the protection standards established by the GDPR laws and regulations (Zaeem & Barber, 2020). To achieve these objectives, blockchain systems need to be accountable and open and implement stringent data security measures that can help comply with the provisions of the GDPR legal requirements. Finally, the thesis explains the compliance and compatibility problems that blockchain companies experience when they seek to integrate the GDPR principles and requirements into their systems. Thus, the thesis will advise stakeholders in blockchain technology on how to develop their systems to comply with the GDPR provisions and requirements.
Context of the Thesis
Blockchain technology is a centralized system, and it is used within the legal, financial, supply chain, and healthcare centers to transfer and move data. Belen-Saglam, Altuncu, Lu, & Li (2023) explains that the blockchain system is a safe and transparent method of storing and transferring data, which is the impetus that encourages people to use the technology in doing their business. Moreover, blockchain technology and systems are facing challenges in their application of the GDPR laws, and the reason is because of their decentralized nature. This decentralized nature makes it difficult for blockchain systems to comply with the legal requirements of enhancing and protecting their users’ privacy and the data’s safety. For instance, article 13 of the GDPR mandates electronic organizations to ensure transparency when using the data collected from their electronic sources. In Article 14, the GDPR advocates for the right of the users of electronic information to be informed when and how their information is being used. However, because of the decentralized nature of blockchain systems, it is difficult for blockchain technology service providers to comply with these provisions.
This thesis intends to analyze issues on the compliance and compatibility of the GDPR while using blockchain technology. Some of the issues that are being covered in this thesis are the technical characteristics and elements of blockchain technology and highlight the legal requirements for their adoption. The paper also recommends how the providers of blockchain electronic services can develop their systems so that it complies with the GDPR data protection standards and guidelines. Furthermore, the setting of this study is the need to balance the benefits of deploying blockchain technology and the legal issues and requirements aligned with the GDPR technology (Molina, Betarte, & Luna., 2021). Finally, the results of the thesis paper will add to the continuing knowledge and discussions of integrating how the blockchain technology systems and activities can comply with the provisions of the GDPR, despite their decentralized nature, which conflicts with the GDPR laws and provisions, that advocate for the centralization of the electronic and online services, that results to better protection of the online user’s privacy and data.
Significance of the Thesis
The paper has several significances, and the primary intention is to help blockchain organizations to comply with the GDPR provisions and requirements. In this regard, one of its primary significances is to give the blockchain technology’s developers, regulators, and stakeholders guidance on the strategies to use in ensuring the interoperability and compliance of a blockchain technological system with the legal frameworks and policies recognized by the GDPR systems. This includes protecting and securing the data of people using blockchain systems. The significance is developed out of the concern that the decentralized nature of the blockchain systems conflicts with the centralized requirements of the GDPR legal provisions and guidelines. Thus, the need to find ways of reconciling these two (Sağlam et al., 2020). Thus, by analyzing the legal and ethical aspects of complying with the provisions of the GDPR system, the thesis will recommend the strategies that organizations using the blockchain system should follow to align with the provisions of the GDPR laws and regulations.
The study’s other significance is informing regulators, policymakers, and other organizational stakeholders about the advantages and risks of deploying blockchain technologies. This would help develop future guidelines that can be used to develop laws aimed at protecting online users’ privacy and reviewing the GDPR, and amending the law to reflect the current societal needs (Schellinger et al., 2022; Kondova & Erbguth, 2020). Indeed, it is essential to denote that there is an evolution in information technology, and the laws currently in use may not be applicable in the future, and an example is the GDPR. Thus, the need to review the current laws and develop guidelines that can be used to develop future laws that can satisfy the existing societal needs.
Additionally, this study’s approach is significant in that it will serve as a guide for future research on the subject and related thesis assignments and research. This study entailed a comprehensive literature review, case study, and legal analysis to develop a solution to the research questions and study. The approach used in this research is multidisciplinary, and it has helped to understand all the issues on the use and deployment of blockchain technology in law, health, finance, and other areas of society and how they can comply with the provisions of the GDPR legal requirements and guidelines (Sağlam et al., 2020). Thus, the research approach can serve as a model for future studies on compatibility and compliance problems to develop a research design that can help them achieve the objectives of their studies.
Still, the study is significant because the results can help blockchain companies develop strategies that can protect the privacy of their customers and the security of data under their control. This would improve and promote the blockchain industry. The reason is that the blockchain companies will not be closed because they can comply with the provisions of the GDPR technology. This includes being accountable for the data they collect and protecting the privacy of their online users. Furthermore, the study is significant because it addresses issues regarding integrating new technological innovations and ensuring they comply with the legal frameworks and guidelines that regulate their adoption and application in society. This helps contribute to the emergence and development of an ethical, secure, and transparent blockchain technology industry.
Aims and Objectives of the Thesis
This study aims to investigate blockchain technology’s compliance and compatibility issues with the GDPR guidelines and laws. The study aims are developed from the background that the characteristics of the blockchain technologies and the legal provisions and guidelines of the GDPR are incompatible. The incompatibility emerges because GDPR laws and provisions advocate for a centralized data collection and management system, while the blockchain systems are decentralized. Thus, the following are the aims of the study:
- Analyzing the conflict between the GDPR and blockchain technologies: The GDPR legal frameworks advocates for centralizing electronic services and data, making controlling and regulating them easier. On the other hand, blockchain systems are decentralized. Because of these two differing characteristics, there is a conflict between the GDPR and the blockchain system. Thus, the study aims to analyze how the characteristics of the blockchain system may hinder their ability to protect data, be transparent and ensure online users’ privacy.
- To analyze the ethical and legal issues touching on the adoption of blockchain technology and how the technology can comply with GDPR laws and regulations.
- To analyze and identify the challenges of integrating and applying blockchain technologies to comply with the provisions of the GDPR.
- To come up with a solution that can help blockchain organizations to comply with the legal requirements of the GDPR. Some of the solutions developed can be technological, regulatory, and best practices that guide the rolling out of the technology under consideration.
- To contribute to the knowledge and public discussions on blockchain companies’ challenges when complying with the GDPR laws and regulations.
Conclusions
The study of this research is called: “Blockchains and GDPR: Exploring Compatibility and Compliance Challenges .”It aims at identifying how blockchain technologies can be compatible with the legal provisions established by the GDPR laws and guidelines. The study is developed from the notion that blockchain technologies are incompatible with the GDPR laws and guidelines because of their decentralized nature. The GDPR laws advocate for a centralized system that can help organizations be transparent when handling and using data from online users. While achieving the study’s objectives, the researcher will rely on the case study, legal analysis, and a comprehensive literature review. The information generated will help advise blockchain companies on developing their systems compatible with the GDPR laws and regulations. The result is that the blockchain industry will be developed and progress.
References
Banerjee, S., Bouzefrane, S., & Abane, A. (2021, June). Identity management with hybrid blockchain approach: a deliberate extension with federated-inverse-reinforcement learning. In 2021 IEEE 22nd International Conference on High-Performance Switching and Routing (HPSR) (pp. 1-6). IEEE.
Bayamlıoğlu, E. (2022). The right to contest automated decisions under the General Data Protection Regulation: Beyond the so‐called “right to explanation”. Regulation & Governance, 16(4), 1058-1078.
Belen-Saglam, R., Altuncu, E., Lu, Y., & Li, S. (2023). A systematic literature review of the tension between the GDPR and public blockchain systems. Blockchain: Research and Applications, 100129.
Camilo, J. (2019). Blockchain-based consent manager for GDPR compliance. Open Identity Summit 2019.
Chiarini, A., & Compagnucci, L. (2022). Blockchain, Data Protection and P2P Energy Trading: A Review on Legal and Economic Challenges. Sustainability, 14(23), 16305.
Feys, M. M., Swanson, J. W., Carreiro, P. M., & Lafever, G. (2022). Technical controls that protect data when in use and prevent misuse. Journal of Data Protection & Privacy, 5(3), 281-296.
Haque, A. B., Islam, A. N., Hyrynsalmi, S., Naqvi, B., & Smolander, K. (2021). GDPR compliant blockchains–a systematic literature review. IEEE Access, 9, 50593-50606.
Jung, S. W. Universal Redactable Blockchain.
Jusic, A. (2022). Privacy between Regulation and Technology: GDPR and the Blockchain. IUS Law Journal, 1(1), 47-59.
Kondova, G., & Erbguth, J. (2020, March). Self-sovereign identity on public blockchains and the GDPR. In Proceedings of the 35th Annual ACM Symposium on Applied Computing (pp. 342-345).
Kshetri, N., & Loukoianova, E. (2019). Blockchain adoption in supply chain networks in Asia. IT Professional, 21(1), 11-15.
Mohammad, A., & Vargas, S. (2022). Challenges of Using Blockchain in the Education Sector: A Literature Review. Applied Sciences, 12(13), 6380.
Molina, F., Betarte, G., & Luna, C. (2021, May). Design principles for constructing GDPR-compliant blockchain solutions. In 2021 IEEE/ACM 4th International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB) (pp. 1-8). IEEE.
Mrabet, H., Alhomoud, A., Jemai, A., & Trentesaux, D. (2022). A Secured Industrial Internet-of-Things Architecture Based on Blockchain Technology and Machine Learning for Sensor Access Control Systems in Smart Manufacturing. Applied Sciences, 12(9), 4641.
Sağlam, R. B., Aslan, Ç. B., Li, S., Dickson, L., & Pogrebna, G. (2020, August). A Data-Driven Analysis of Blockchain Systems’ Public Online Communications on GDPR. In 2020 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS) (pp. 22-31). IEEE.
Schellinger, B., Völter, F., Urbach, N., & Sedlmeir, J. (2022). Yes, I do: Marrying blockchain applications with GDPR. e-government, 19, 22.
Schmelz, D., Fischer, G., Niemeier, P., Zhu, L., & Grechenig, T. (2018, August). Towards using public blockchain in information-centric networks: challenges imposed by the European Union’s general data protection regulation. In 2018 1st IEEE International Conference on Hot Information-Centric Networking (HotICN) (pp. 223-228). IEEE.
Shaverdian, P. (2019). Start with trust: utilizing blockchain to resolve the third-party data breach problem. UCLA L. Rev., 66, 1242.
Wylde, V., Rawindaran, N., Lawrence, J., Balasubramanian, R., Prakash, E., Jayal, A., … & Platts, J. (2022). Cybersecurity, data privacy and blockchain: A review. SN Computer Science, 3(2), 127.
Yang, W., Chen, J., Zhang, Y., Zhang, Y., He, J. H., & Fang, X. (2019). Silicon‐compatible photodetectors: trends to monolithically integrate photosensors with chip technology. Advanced Functional Materials, 29(18), 1808182.
Zaeem, R. N., & Barber, K. S. (2020). The effect of the GDPR on privacy policies: Recent progress and future promise. ACM Transactions on Management Information Systems (TMIS), 12(1), 1-20.
write