Article in Journal ART-2022-08

Bibliography: Stach, Christoph; Gritti, Clémentine; Przytarski, Dennis; Mitschang, Bernhard: Assessment and Treatment of Privacy Issues in Blockchain Systems.
In: ACM SIGAPP Applied Computing Review. Vol. 22(3).
University of Stuttgart, Faculty of Computer Science, Electrical Engineering, and Information Technology.
pp. 5-24, English.
ACM, September 2022.
ISSN: 1559-6915.
Article in Journal.
CR-Schema: K.4.1 (Computers and Society Public Policy Issues)
K.6.5 (Security and Protection)
Keywords: blockchain; decentralized; immutable; tamper-proof; GDPR; privacy assessment; data purging; data authentication; permission control; privacy filters; privacy control environment
Abstract

With the ability to capture and quantify any aspect of daily life via sensors, enabled by the Internet of Things (IoT), data have become one of the most important resources of the 21st century. However, the high value of data also renders data an appealing target for criminals. Two key protection goals when dealing with data are therefore to maintain their permanent availability and to ensure their integrity. Blockchain technology provides a means of data protection that addresses both of these objectives. On that account, blockchains are becoming increasingly popular for the management of critical data. As blockchains are operated in a decentralized manner, they are not only protected against failures, but it is also ensured that no party has sole control over the managed data. Furthermore, blockchains are immutable and tamper-proof data stores, whereby data integrity is guaranteed. While these properties are preferable from a data security perspective, they also pose a threat to privacy and confidentiality, as data cannot be concealed, rectified, or deleted once they are added to the blockchain.

In this paper, we therefore investigate which features of the blockchain pose an inherent privacy threat when dealing with personal or confidential data. To this end, we consider to what extent blockchains are in compliance with applicable data protection laws, namely the European General Data Protection Regulation (GDPR). Based on our identified key issues, we assess which concepts and technical measures can be leveraged to address these issues in order to create a privacy-by-design blockchain system.

Contact: Send an e-mail to Christoph.Stach@ipvs.uni-stuttgart.de.
Department(s): University of Stuttgart, Institute of Parallel and Distributed Systems, Applications of Parallel and Distributed Systems
Project(s): NUCLIDE
Entry date: October 23, 2022