Towards Blockchain-Based GDPR-Compliant Online Social Networks: Challenges, Opportunities and Way Forward

  • Javed AhmedEmail author
  • Sule Yildirim
  • Mariusz Nowostawski
  • Mohamed Abomhara
  • Raghavendra Ramachandra
  • Ogerta Elezaj
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1129)


Online Social Networks (OSNs) are very popular and widely adopted by the vast majority of Internet users across the globe. Recent scandals on the abuse of users’ personal information via these platforms have raised serious concerns about the trustworthiness of OSN service providers. The unprecedented collection of personal data by OSN service providers poses one of the greatest threats to users’ privacy and their right to be left alone. The recent approval of the GDPR (General Data Protection Regulation) presents OSN service providers with great compliance challenges. A set of new data protection requirements are imposed on data controllers (OSN service providers) by GDPR that offer greater control to data subjects (OSN users) over their personal data. This position paper investigates the link between GDPR provisions and the use of blockchain technology for solving the consent management problem in online social networks. We also describe challenges and opportunities in designing a GDPR-compliant consent management mechanism for online social networks. Key characteristics of blockchain technology that facilitate regulatory compliance were identified. The legal and technological state of play of the blockchain-GDPR relationship is reviewed and possible ways to reconcile blockchain technology with the GDPR requirements are demonstrated. This paper opens up new research directions on the use of the disruptive innovation of blockchain to achieve regulatory compliance in the application domain of online social networks.


Privacy Data protection GDPR Blockchain Online social network Transparency Subject rights 



This work was carried out at the department of information security and communication technology, Norwegian University of Science and Technology, Gjovik, Norway during the tenure of an ERCIM ‘Alain Bensoussan’ Fellowship Programme.


  1. 1.
    Ahmed, J.: Privacy in online social networks: an ontological model for self-presentation. In: International Conference on Knowledge Engineering and the Semantic Web, pp. 56–70. Springer (2016)Google Scholar
  2. 2.
    Ahmed, J., Governatori, G., van der Torre, L.W.N., Villata, S.: Social interaction based audience segregation for online social networks. In: ECSI, pp. 186–197 (2014)Google Scholar
  3. 3.
    Ahmed, J., Shaikh, Z.A.: Privacy issues in social networking platforms: comparative study of facebook developers platform and opensocial. In: International Conference on Computer Networks and Information Technology, pp. 179–183. IEEE (2011)Google Scholar
  4. 4.
    Alizadeh, F., Jakobi, T., Boldt, J., Stevens, G.: GDPR-Reality check on the right to access data: claiming and investigating personally identifiable data from companies. In: Proceedings of Mensch und Computer 2019, pp. 811–814. ACM (2019)Google Scholar
  5. 5.
    Bahri, L., Carminati, B., Ferrari, E.: Decentralized privacy preserving services for online social networks. Online Soc. Netw. Media 6, 18–25 (2018)CrossRefGoogle Scholar
  6. 6.
    Bayle, A., Koscina, M., Manset, D., Perez-Kempner, O.: When blockchain meets the right to be forgotten: technology versus law in the healthcare industry. In: 2018 IEEE/WIC/ACM International Conference on Web Intelligence (WI), pp. 788–792. IEEE (2018)Google Scholar
  7. 7.
    Bond, R.M., Fariss, C.J., Jones, J.J., Kramer, A.D.I., Marlow, C., Settle, J.E., Fowler, J.H.: A 61-million-person experiment in social influence and political mobilization. Nature 489(7415), 295 (2012)CrossRefGoogle Scholar
  8. 8.
    Boyd, D.M., Ellison, N.B.: Social network sites: definition, history, and scholarship. J. Comput. Mediat. Commun. 13(1), 210–230 (2007)CrossRefGoogle Scholar
  9. 9.
    Chakravorty, A., Rong, C.: Ushare: user controlled social media based on blockchain. In: Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, pp. 99. ACM (2017)Google Scholar
  10. 10.
    Chen, Y., Li, Q., Wang, H.: Towards trusted social networks with blockchain technology. arXiv preprint arXiv:1801.02796 (2018)
  11. 11.
    De, S.J., Imine, A.: On consent in online social networks: privacy impacts and research directions (short paper). In: International Conference on Risks and Security of Internet and Systems, pp. 128–135. Springer (2018)Google Scholar
  12. 12.
    Farshid, S., Reitz, A., Roßbach, P.: Design of a forgetting blockchain: a possible way to accomplish GDPR compatibility. In: Proceedings of the 52nd Hawaii International Conference on System Sciences (2019)Google Scholar
  13. 13.
    Feng, Q., He, D., Zeadally, S., Khan, M.K., Kumar, N.: A survey on privacy protection in blockchain system. J. Netw. Comput. Appl. 126, 45–58 (2018)CrossRefGoogle Scholar
  14. 14.
    Finck, M.: Blockchains and data protection in the european union. Eur. Data Prot. L. Rev. 4, 17 (2018)CrossRefGoogle Scholar
  15. 15.
    Gross, R., Acquisti, A.: Information revelation and privacy in online social networks. In: Proceedings of the 2005 ACM workshop on Privacy in the electronic society, pp. 71–80. ACM (2005)Google Scholar
  16. 16.
    Ho, A., Maiga, A., Aïmeur, E.: Privacy protection issues in social networking sites. In: 2009 IEEE/ACS International Conference on Computer Systems and Applications, pp. 271–278. IEEE (2009)Google Scholar
  17. 17.
    Ibáñez, L.-D., O’Hara, K., Simperl, E: On blockchains and the general data protection regulation (2018)Google Scholar
  18. 18.
    Isaac, M.: Facebook security breach exposes accounts of 50 million users (2018)Google Scholar
  19. 19.
    Kramer, A.D., Guillory, J.E., Hancock, J.T.: Experimental evidence of massive-scale emotional contagion through social networks. Proc. Nat. Acad. Sci. 111(24), 8788–8790 (2014)CrossRefGoogle Scholar
  20. 20.
    Millard, C.: Blockchain and law: incompatible codes? Comput. Law Secur. Rev. 34(4), 843–846 (2018)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Molina-Jimenez, C., Sfyrakis, I., Solaiman, E., Ng, I., Wong, M.W., Chun, A., Crowcroft, J.: Implementation of smart contracts using hybrid architectures with on and off–blockchain components. In: 2018 IEEE 8th International Symposium on Cloud and Service Computing (SC2), pp. 83–90. IEEE (2018)Google Scholar
  22. 22.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (white paper) (2008). Accessed 28 May 2019
  23. 23.
    Nissenbaum, H.: Privacy as contextual integrity. Wash. L. Rev. 79, 119 (2004)Google Scholar
  24. 24.
    Onik, M.M.H., Kim, C.-S., Yang, J.: Personal data privacy challenges of the fourth industrial revolution. In: 2019 21st International Conference on Advanced Communication Technology (ICACT), pp. 635–638. IEEE (2019)Google Scholar
  25. 25.
    Qin, D., Wang, C., Jiang, Y.: RPchain: a blockchain-based academic social networking service for credible reputation building. In: International Conference on Blockchain, pp. 183–198. Springer (2018)Google Scholar
  26. 26.
    Seneviratne, O., Kagal, L.: Enabling privacy through transparency. In: 2014 Twelfth Annual International Conference on Privacy, Security and Trust, pp. 121–128. IEEE (2014)Google Scholar
  27. 27.
    Smith, K.: 53 incredible facebook statistics and facts (2019)Google Scholar
  28. 28.
    Tikkinen-Piri, C., Rohunen, A., Markkula, J.: EU general data protection regulation: changes and implications for personal data collecting companies. Comput. Law Secur. Rev. 34(1), 134–153 (2018)CrossRefGoogle Scholar
  29. 29.
    van Geelkerken, F.W.J., Konings, K.: Using blockchain to strengthen the rights granted through the GDPR. In: Litteris et Artibus, pp. 458–461 (2017)Google Scholar
  30. 30.
    Voigt, P., Von dem Bussche, A.: The EU general data protection regulation (GDPR). In: A Practical Guide, 1st edn. Springer, Cham (2017)Google Scholar
  31. 31.
    Vujicic, D., Jagodic, D., Randic, S.: Blockchain technology, bitcoin, and Ethereum: a brief overview. In: 2018 17th International Symposium INFOTEH-JAHORINA (INFOTEH), pp. 1–6. IEEE (2018)Google Scholar
  32. 32.
    Wang, Y., Kogan, A.: Designing confidentiality-preserving blockchain-based transaction processing systems. Int. J. Account. Inf. Syst. 30, 1–18 (2018)CrossRefGoogle Scholar
  33. 33.
    Westerkamp, M., Göndör, S., Küpper, A.: Tawki: towards self-sovereign social communication (2019)Google Scholar
  34. 34.
    Yaga, D., Mell, P., Roby, N., Scarfone, K.: Blockchain technology overview. arXiv preprint arXiv:1906.11078 (2019)
  35. 35.
    Yeung, C.A., Liccardi, I., Lu, K., Seneviratne, O., Berners-Lee, T.: Decentralization: the future of online social networking. In: W3C Workshop on the Future of Social Networking Position Papers, vol. 2, pp. 2–7 (2009)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Javed Ahmed
    • 1
    • 2
    Email author
  • Sule Yildirim
    • 1
  • Mariusz Nowostawski
    • 1
  • Mohamed Abomhara
    • 1
  • Raghavendra Ramachandra
    • 1
  • Ogerta Elezaj
    • 1
  1. 1.Norwegian University of Science and TechnologyGjovikNorway
  2. 2.Sukkur IBA UniversitySukkurPakistan

Personalised recommendations