Blockchain and Privacy Protection in the Case of the European General Data Protection Regulation (GDPR): A Delphi Study

Abstract

The present work deals with the inter relationships of blockchain technology and the new European General Data Protection Regulation, that will be intact after May 28th, 2018. The regulation harmonises personal data protection across the European Union and aims to return the ownership of personal data to the individual. This thesis, therefore, addresses the question how this new technology that is characterised by decentralisation, immutability and truly digitised values will be affected by the strict privacy regulation and vice versa. The aim of this work is to clarify whether blockchains can comply with the new regulation on the one hand and to identify how blockchain could support its compliance, on the other hand. The questions are validated through an extensive literature review and are further investigated by using a Delphi study that asks a panel of 25 renowned experts to find opportunities, limitations and general suggestions about both topics. In addition, a framework is proposed to support the assessment of privacy and related risks of blockchains. As a result, it becomes apparent that blockchains can become more privacy friendly and comply with the regulation if an active dialogue between blockchain developers and regulatory authorities helps to strengthen their mutual understanding and work. With the support of this work and the blockchain Privacy Impact Assessment canvas a foundation for the necessary next steps is laid to overcome the challenges of defining a data controller or deleting personal data within a blockchain.