Abstract: Bitcoin is a popular digital currency for online payments, realized as a
decentralized peer-to-peer electronic cash system. Bitcoin keeps a ledger of
all transactions; the majority of the participants decides on the correct
ledger. Since there is no trusted third party to guard against double spending,
and inspired by its popularity, we would like to investigate the correctness of
the Bitcoin protocol. Double spending is an important threat to electronic
payment systems. Double spending would happen if one use…
“…In a blockchain, a consensus algorithm determines the blocks’ order and its transactions to add to the ledger. Consensus algorithms automate the resolution of conflicts (double spending problem) in which an entity sends the same value twice; however, only one value will be accepted as a valid transaction (Chaudhary et al., 2015).…”
Purpose
The paper posits that a solution for businesses to use privacy-friendly data repositories for its customers’ data is to change from the traditional centralized repository to a trusted, decentralized data repository. Blockchain is a technology that provides such a data repository. However, the European Union’s General Data Protection Regulation (GDPR) assumed a centralized data repository, and it is commonly argued that blockchain technology is not usable. This paper aims to posit a framework for adopting a blockchain that follows the GDPR.
Design/methodology/approach
The paper uses the Levy and Ellis’ narrative review of literature methodology, which is based on constructivist theory posited by Lincoln and Guba. Using five information systems and computer science databases, the researchers searched for studies using the keywords GDPR and blockchain, using a forward and backward search technique. The search identified a corpus of 416 candidate studies, from which the researchers applied pre-established criteria to select 39 studies. The researchers mined this corpus for concepts, which they clustered into themes. Using the accepted computer science practice of privacy by design, the researchers combined the clustered themes into the paper’s posited framework.
Findings
The paper posits a framework that provides architectural tactics for designing a blockchain that follows GDPR to enhance privacy. The framework explicitly addresses the challenges of GDPR compliance using the unimagined decentralized storage of personal data. The framework addresses the blockchain–GDPR tension by establishing trust between a business and its customers vis-à-vis storing customers’ data. The trust is established through blockchain’s capability of providing the customer with private keys and control over their data, e.g. processing and access.
Research limitations/implications
The paper provides a framework that demonstrates that blockchain technology can be designed for use in GDPR compliant solutions. In using the framework, a blockchain-based solution provides the ability to audit and monitor privacy measures, demonstrates a legal justification for processing activities, incorporates a data privacy policy, provides a map for data processing and ensures security and privacy awareness among all actors. The research is limited to a focus on blockchain–GDPR compliance; however, future research is needed to investigate the use of the framework in specific domains.
Practical implications
The paper posits a framework that identifies the strategies and tactics necessary for GDPR compliance. Practitioners need to complement the framework with rigorous privacy risk management, i.e. conducting a privacy risk analysis, identifying strategies and tactics to address such risks and preparing a privacy impact assessment that enhances accountability and transparency of a blockchain.
Originality/value
With the increasingly strategic use of data by businesses and the contravening growth of data privacy regulation, alternative technologies could provide businesses with a means to nurture trust with its customers regarding collected data. However, it is commonly assumed that the decentralized approach of blockchain technology cannot be applied to this business need. This paper posits a framework that enables a blockchain to be designed that follows the GDPR; thereby, providing an alternative for businesses to collect customers’ data while ensuring the customers’ trust.
“…To arrive at a consistent value, the system needs to have rules in place to determine which value is considered valid. One of the toughest problems to solve is the double spending problem, in which one instance sends the same value to the network twice, but only the one arriving first will be accepted as such [63]. The other one will be made invalid.…”
Section: Exchange Of Digital Values (mentioning)
confidence: 99%
“…The first use case of blockchain was digital money, also called cryptocurrency (because of the cryptographic technology used for it) [62]. It was created to solve the problem, that individuals must trust centralized financial institutions to manage all digital payments and keep transactions, funds and privacy secure [59], [63].…”
The present work deals with the interrelationships of blockchain technology and the new European General Data Protection Regulation, that will be intact after May 28th, 2018. The regulation harmonizes personal data protection across the European Union and aims to return the ownership of personal data to the individual. This thesis, therefore, addresses the question how this new technology that is characterized by decentralization, immutability and truly digitized values will be affected by the strict privacy regulation and vice versa. The aim of this work is to clarify whether blockchains can comply with the new regulation on the one hand and to identify how blockchain could support its compliance, on the other hand. The questions are validated through an extensive literature review and are further investigated by using a Delphi study that asks a panel of 25 renowned experts to find opportunities, limitations and general suggestions about both topics. In addition, a framework is proposed to support the assessment of privacy and related risks of blockchains.
“…There are several types of testing and analysis tools that can be used on smart contracts, such as running hand crafted tests on a fast test network with the truffle framework, fuzzing of the input of the contract, mutating of the code of the contract [23], static analysis of properties of the contract [24], model checking of behaviours of a model of the contract [25], and theorem proving of properties of the program [26]. There are also runtime verification techniques, such as proof carrying code [27].…”
Blockchain technology has become almost as famous for incidents involving security breaches as for its innovative potential. We shed light on the prevalence and nature of these incidents through a database structured using the STIX format. Apart from OPSEC-related incidents, we find that the nature of many incidents is specific to blockchain technology. Two categories stand out: smart contracts, and techno-economic protocol incentives. For smart contracts, we propose to use recent advances in software testing to find flaws before deployment. For protocols, we propose the PRESTO framework that allows us to compare different protocols within a five-dimensional framework.