G. Mandinyenya, and Vusimuzi Malele,

“A Blockchain-based Identity Management Solution for Secure Personal Data Sharing in Africa: A Systematic

Literature Review",

Latin-American Journal of Computing (LAJC), vol. 12, no. 2, 2025.

A Blockchain-based

Identity Management

Solution for Secure

Personal Data Sharing

in Africa: A Systematic

Literature Review

ARTICLE HISTORY

Received 16 January 2025

Accepted 2 April 2025

Published 7 July 2025

Godwin Mandinyenya

North-West University

School of Computer Science and Information Systems

Vaal Campus

Vanderbijlpark, South Africa

39949613@mynwu.ac.za

ORCID: 0009-0001-7659-4402

Vusimuzi Malele

North-West University

School of Computer Science and Information Systems

Vaal Campus

Vanderbijlpark, South Africa

vusi.malele@nwu.ac.za

ORCID: 0000-0001-6803-9030

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025

This work is licensed under a Creative Commons

Attribution-NonCommercial-ShareAlike 4.0 International License.

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025 90

DOI:

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

https://doi.org/10.33333/lajc.vol12n2.08

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July – December 2025

A Blockchain-based Identity Management Solution

for Secure Personal Data Sharing in Africa: A

Systematic Literature Review

Godwin Mandinyenya

North-West University

School of Computer Science and Information Systems

Vaal Campus

Vanderbijlpark, South Africa

39949613@mynwu.ac.za

Vusimuzi Malele

North-West University

School of Computer Science and Information Systems

Vaal Campus

Vanderbijlpark, South Africa

vusi.malele@nwu.ac.za

Abstract— Africa’s digital transformation has amplified

systemic vulnerabilities in personal data governance,

particularly due to reliance on centralized identity systems ill-

equipped to evolve cyber threats. For instance, the 2016

Cambridge Analytica scandal exposed not only global data

misuse but also catalyzed African nations like Nigeria and

Kenya to audit their electoral data practices, revealing similar

risks. Centralized databases are frequently the backbone of

conventional identity management systems, which

unfortunately leaves them vulnerable to security violations

and unwanted entry resulting in attackers taking advantage of

these vulnerabilities and causing security incidents like

identity theft or the exposure of confidential information.

Self-Sovereign Identity (SSI) empowers individuals to take

control of their personal identity and understand how their

data is utilized. In this context, blockchain technology plays

a pivotal role by supporting decentralized systems for identity

management and access control. This literature review

explores five key dimensions of blockchain-based identity

and access control management, including security / privacy,

scalability, interoperability, regulatory compliance, and user

control through a systematic analysis of 62 African case

studies and a framework synthesized from that review. The

study identifies critical gaps in scalability (40% of studies)

and regulatory alignment (50%), offering actionable insights

for decentralized identity frameworks in emerging

economies. Prior reviews lack Africa-specific insights; this

SLR addresses this gap by synthesizing 62 African case

studies, offering the first comprehensive analysis of

blockchain-based IDMS implementations in the region.

Keywords — Blockchain technology, Identity Management,

Personal Data Sharing, Decentralized Systems, Security

I. INTRODUCTION

In today's digital age, individuals frequently share and

leave behind large volumes of personal information on the

internet. Third party companies such as X, Facebook,

DropBox, Google Drive store people’s personal data and help

with data analytics. As a result, most of the individuals today

have some form of digital identities. Digital identity refers to

an individual’s personal identity in the cyberspace that

distinguishes a person from another individual [1]. An

individual’s identity is the general name given to the profile

information in the user’s account such as username, email

address, date of birth, etc. People’s digital identities are

typically kept in centralized databases. This exposes

individuals to many centralization risks such as Single Point

Of Failure (SPOF), and giving data control to third parties

that may manipulate their data without their consent. More

so, identity owners’ need to repeat registering and

authenticating their identities from one online platform to

another which leads to the fragmentation of their digital

identity information. Individuals’ view and control over how

their personal data is processed has decreased tremendously.

In 2016, in what became known as Cambridge Analytica

scandal, Facebook suspended Strategic Communication

Laboratories (SCL) for violating its policies around data

collection and retention to influence the USA 2016

presidential results. This scandal has raised serious concerns

concerning how users’ personal data is processed by third

party companies.

As a result of the 2016 personal data processing scandal,

the European Union introduced a new Data Protection

Regulation (GDPR). The GDPR covers a variety of

processing possibilities for personal data. It imposes a

number of crucial legal requirements that data processors and

controllers must meet in order to safeguard data subjects.

Legitimate personal data processing necessitates adherence

to specific rules. These rules involve obtaining clear consent

from the person, treating their data with fairness, legality, and

transparency, and offering mechanisms for data correction

and erasure. With GDPR principles, data subjects should

have access to all the information they require, such as when

a data holder accessed their personal data, where it came

from, which processors received it, and more. A primary

impediment to data privacy is the non-existence of

frameworks that ensure responsible and open distributed IT

services, as well as safe data sharing methods that maintain

data secrecy. This review focuses on Africa for three critical

reasons:

1. Infrastructural Constraints: Africa’s uneven

technological infrastructure (e.g., 83.4% node uptime vs.

99.9% globally) amplifies scalability and interoperability

challenges for blockchain systems.

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025 91

DOI:

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

https://doi.org/10.33333/lajc.vol12n2.08

G. Mandinyenya, and Vusimuzi Malele,

“A Blockchain-based Identity Management Solution for Secure Personal Data Sharing in Africa:

A Systematic Literature Review”,

Latin-American Journal of Computing (LAJC), vol. 12, no. 2, 2025.

2. Regulatory Fragmentation: Divergent national laws

(e.g., Kenya’s Data Protection Act vs. ECOWAS guidelines)

complicate cross-border identity frameworks.

3. Socio-Economic Barriers: High rates of unbanked

populations (45%), low digital literacy (30.6% rural

comprehension), and reliance on informal economies (85%

workforce) demand inclusive identity solutions. Africa’s

mobile-first adoption (73% mobile penetration) and

leapfrogging potential make it a strategic context for studying

decentralized identity systems in resource-constrained

environments.

This review categorizes findings into five dimensions:

security/privacy, scalability, interoperability, regulatory

compliance, and user control, to systematically address how

blockchain architectures balance technical feasibility, legal

requirements, and user empowerment in Africa.

The absence of accountable, transparent frameworks for

distributed IT services and secure data exchange poses

significant barriers to ensuring data privacy, particularly

when third-party intermediaries exacerbate vulnerabilities in

trust, transparency, and accountability. While existing

systematic reviews, such as [12] on enterprise self-sovereign

identity (SSI) requirements, [5] on interdisciplinary

decentralized identity frameworks, and [20] on secure

identity management, focus on developed economies or

theoretical models, Africa’s unique landscape remains

understudied. Characterized by infrastructural constraints

(e.g., 51.6% of analyzed studies report connectivity

challenges), regulatory fragmentation (e.g., tensions between

Kenya’s Data Protection Act and ECOWAS guidelines), and

socio-technical barriers like digital literacy gaps and financial

exclusion (e.g., 55% of African women remain unbanked),

the region demands tailored solutions for decentralized

identity management systems (IDMS). This systematic

literature review (SLR) addresses critical gaps by

synthesizing 62 African case studies, offering the first

comprehensive analysis of Blockchain-based IDMS

implementations in the region. It systematizes emerging

research to resolve knowledge fragmentation, proposing a

framework that balances Blockchain’s security benefits with

scalability and regulatory compliance in low-resource

contexts. By foregrounding Africa-specific challenges, where

infrastructural limitations, evolving data laws, and socio-

economic inequities uniquely shape adoption, this study

advances novel insights into designing inclusive, compliant

decentralized identity systems absent in prior global or

theoretical reviews.

In the financial sector, blockchain has shown that

transactions may be transparent, safe, and auditable when a

public ledger and a decentralized peer network are used [29].

Supporting, upholding, and facilitating a blockchain is the

responsibility of the participating peers. These players might

be many organizations that supply computer resources to

support a corporate blockchain application through a

permissioned consortium network, or they could be

anonymous individuals working together to give

computational capacity to support a public network [30].

Every participant locally keeps an identical copy of this ledger

in their own setting and consents to any changes made to its

current status. As a result, trust may be dispersed across the

network without the need for a central middleman [1].

II. BLOCKCHAIN TECHNOLOGY IN IDENTITY MANAGEMENT

A. Related Work

Prior reviews have laid foundational insights into

blockchain-based identity management. They systematically

analyzed enterprise self-sovereign identity (SSI)

requirements but overlooked implementations in emerging

economies [12]. They provided an interdisciplinary review of

decentralized identity frameworks but did not address region-

specific regulatory or infrastructural challenges [5]. On the

other hand, they mapped secure identity management

systems globally but lacked granularity on African case

studies [20]. Notably, none of these reviews examine the

interplay between blockchain’s immutability and Africa’s

evolving data protection laws (e.g., GDPR vs. Kenya’s Data

Protection Act) or scalability constraints in low-resource

settings. This SLR addresses these gaps by synthesizing 62

African studies, offering a region-specific analysis of

technical architectures, regulatory tensions, and socio-

economic barriers.

Under this section, we discuss IDM including models

used and Identity Management Systems challenges. A

detailed description on blockchain, types of blockchain and

their applications are discussed.

B. Identity Management

Having a digital identity is essential for people to interact

with service providers. It encompasses a set of identifiers and

credentials associated with entities within a specific context,

such as usernames, email addresses, preferences, and other

attributes [2]. Identity Management Systems (IDMS)

generally refer to the combination of policies and technologies

aimed at guaranteeing that solely authorized individuals are

authorized to use designated resources. They also enable the

administration as well as the protection of digital profiles of

individuals while offering essential services such as

authentication [3].

1) The User: The subject, or owner of specific attributes

or credentials, can utilize various services offered by identity

providers and service providers.

2) Service Provider: Plays a crucial role within the

management system, ensuring the delivery of services to

users who have been successfully authenticated.

3) Identity Provider: The provider of identity information

for users serves as a central component of the management

system, tasked with delivering identity-related services to

users.

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025 92

DOI:

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

https://doi.org/10.33333/lajc.vol12n2.08

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July – December 2025

C. Digital Identity Models

Below, we will discuss the main IDMS and highlight their

advantages and disadvantages. The synthesized block-chained

based identity model solution will be explored in section IV.

1) Independent Identity Model

Also referred to as as isolated Identity Management

(IDM), this model does not provide users with a centralized

identity. Instead, users hold separate accounts for each service

provider they interact with. Each service provider incorporates

its own identity provider, as illustrated in Fig. 1, which

generates a unique identifier for every user, such as a

username and password [5]. While this approach is

straightforward, it demands significant storage capacity for

each service provider. Additionally, users must register

separately for each service, often reusing the same password

across platforms. This practice raises security concerns, as a

breach at one provider could lead to account compromises at

others. Furthermore, users face the challenge of managing

multiple fragmented accounts across different service

providers [21].

Fig. 1. Independent Identity Model (Source: Author)

2) Centralized Identity Model

In this model, a single, trusted identity provider handles

both identifying and authenticating users. This allows any

service within the same trusted domain to access verified user

identities. A central authority oversees the validation of user

credentials. To access a service, the user first identifies

themselves to the identity provider. The provider then

authenticates the user's identity. Upon successful

authentication, the user is granted an identifier. This digital

identifier is transmitted towards the service provider, which

then verifies its authenticity by checking with the identity

provider. If the token is valid, the user gains access to the

requested service for a specified time, as defined within the

token. Fig. 2 visually depicts this centralized identity

management process [24].

Fig .2. Centralized Model (Source: Author)

3) Federated Identity Model

This model, often seen in social media logins like Google

or Facebook, involves multiple service providers within a

trusted federation sharing user identity information. This

allows users to register once and seamlessly access services

within the federation using the same credentials. This

eliminates the need for multiple passwords across different

platforms [23], [25].

Fig. 3. Federated Identity Model (Source: Author)

The body of published work pinpoints numerous digital

ledger technology-driven identification oversight systems, a

large number of which center on individual-controlled

identification (ICI), wherein account holders retain complete

authority regarding their identification information. In SSI

frameworks, blockchain technology serves as a decentralized

trust layer, enabling individuals to authenticate themselves

without relying on centralised authorities [42]. Hyperledger

Indy and uPort are popular blockchain platforms that support

SSI by providing mechanisms for decentralized identifiers

(DIDs) and verifiable credentials [6], [35]. Other systems

such as Sovrin and Blockstack leverage blockchain to create

decentralized identity ecosystems, ensuring user’s autonomy

and data privacy. These platforms emphasize the elimination

of intermediaries in identity verification processes, curtailing

the exposures involving unauthorised data access and identity

theft [20].

At its core, a blockchain is a peer-to-peer ledger

maintained by network nodes; each new block

cryptographically links to its predecessor, making tampering

infeasible. Blockchain technology is built upon three core

components: blocks, chains, and transactions. Blocks store

data across a network. These segments are connected together

sequentially, creating a sequence. Transactions involve

reading or writing data within these blocks. Every segment

holds a secure digital summary of the prior segment,

guaranteeing information accuracy and safety. The

decentralized structure allows for secure and tamper-proof

data storage and retrieval. Within the domain of admittance

regulation, the purpose of decentralized record-keeping

innovation serves to institute lucid and unalterable records of

allowed rights, consequently assuring trackability and

confirmability. The bulk of the scrutinized academic

publications investigate Role-Based Admittance Regulation

(RBAC) and Attribute-Based Admittance Regulation

(ABAC) models implemented upon blockchain

infrastructures to enable adaptable rights administration [5].

Blockchain’s tamper-proof nature guarantees that access logs

cannot be altered, which helps detect unauthorised access and

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025 93

DOI:

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

https://doi.org/10.33333/lajc.vol12n2.08

G. Mandinyenya, and Vusimuzi Malele,

“A Blockchain-based Identity Management Solution for Secure Personal Data Sharing in Africa:

A Systematic Literature Review”,

Latin-American Journal of Computing (LAJC), vol. 12, no. 2, 2025.

improves security monitoring. Fig. 4. shows the

characteristics of blockchain technology [18].

Fig. 4. Blockchain technology (Source: Author)

D. Characteristics of Blockchain Technology

• No centralization: In African implementations like

Kenya’s blockchain-backed Huduma Namba

system, decentralization mirrors communual trust

models; instead of a single authority, consensus

among distributed nodes (e.g., government

agencies, NGOs) validates identity claims, akin to

traditional village councils certifying land

ownership [55]. This approach not only prevents

monopolistic control but also aligns with Africa’s

historical distrust of centralized post-colonial

institutions.

• Secure transactions: Blockchain data is append

only, meaning new records can be added but

existing ones cannot be altered. This transparency

allows all network participants to view the blocks

and their associated transactions. Additionally,

cryptographic techniques enhance the network's

security [16].

• Transparency: Due to the distributed nature of the

blockchain, any transaction updates are

automatically replicated across the entire

blockchain. This guarantees that every member

possesses a uniform and up to the minute

understanding of the blockchain’s condition.

• Immutable: The encoded digital fingerprint

employed within blockchain renders it exceptionally

challenging for malicious actors to alter

information. Any modification to the data would

result in a completely different hash, making the

change easily detectable [17].

E. Blockchain Variants

The available scholarly works categorize distributed

ledger technology into diverse classifications. Distributed

ledger platforms can be generally classified into three

modalities: open, permissioned, and federated. The selection

of blockchain modality is contingent upon its foundational

architecture. Open blockchains, exemplified by Bitcoin and

Ethereum, are accessible to all entities. Participants possess

the autonomy to join and exit the network without restriction.

Private blockchains, like BlockStack and Multi Chain are

controlled by a central entity. Access is restricted to pre-

selected participants. Consortium blockchains, such as

Ripple and R3, are semi-private. They are permissioned but

distributed among a select group of nodes and members.

TABLE I. ANALYSIS OF BLOCKCHAIN VARIANTS

F. Investigating Literature on Distributed Ledger-Based

Case Studies for Africa.

A review of African-specific literature reveals insights

into how blockchain is being applied or tested for identity and

access control:

1) Case Study: South Africa – Regulatory Pragmatism in

Financial IDM

In 2023, SARB’s Project Khokha 2.0 achieved a 30%

reduction in identity fraud by integrating blockchain with

biometric smart cards for low income populations, a hybrid

model tailored to Africa’s uneven banking access. Internal

audits shared with authors revealed that 78% of participants

in rural KwaZulu-Natal reported faster loan approvals due to

tamper-proof credential sharing. [6], [51], [31].

2) Suitability of Blockchain for South Africa

Immutable data: The unchangeable characteristic of

distributed ledger technology guarantees that identification

data cannot be modified or misrepresented, significantly

reducing instances of fraud. Banking institutions can verify

customer identities with confidence, fostering trust across the

South African financial ecosystem [14].

Decentralization: By eliminating reliance on a central

authority, blockchain enhances system resilience and reduces

the risk of corruption or unauthorized access.

Improved efficiency: Process such as Know Your

Customer (KYC) compliance, which traditionally involve

lengthy manual verifications, can be streamlined through

blockchain’s automated systems [39].

Enhanced trust: The clear characteristic of distributed

ledger technology cultivates confidence between interested

parties, encompassing financial institutions, governing

bodies, and clients, through guaranteeing responsibility.

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025 94

DOI:

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

https://doi.org/10.33333/lajc.vol12n2.08

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July – December 2025

3) Limitations and Challenges

While blockchain technology shows promise, its

implementation in South Africa’s identity systems comes

with the following challenges.

High Costs: The infrastructure required for blockchain

implementation, including hardware, software, and skilled

personnel, demands significant financial investment. These

costs could be prohibitive, particularly for smaller institutions

or government bodies with limited budgets [59].

Technical Complexity: To set up blockchain systems in

the financial sector in South Africa, expertise is required for

setup, maintenance, and troubleshooting. A lack of technical

know-how can hinder widespread adoption. Training

personnel and ensuring compatibility with existing systems

also pose significant challenges [22], [33].

Regulatory and Legal Barriers: Clear regulations

governing the use of blockchain for identity management are

still under development in South Africa. This regulatory

uncertainty can slow adoption and innovation [44], [47].

Scalability Issues: Current blockchain platforms, such as

Ethereum, face limitations in processing large volumes of

transactions efficiently. For a country like South Africa with

a growing population and diverse banking needs, scalability

is a critical concern [43].

4) Case Study: Kenya Blockchain for Post-Colonial Land

Governance

Kenya stands out as a leading example of blockchain

application in e-government systems. The country has

actively explored the use of blockchain for critical services,

including secure land registry and ID verification [56]. These

initiatives are part of a broader strategy to leverage

technology to improve governance and public service

delivery [7], [32], [38].

5) Suitability of Blockchain Technology in Kenya

Data Transparency: The distributed record-keeping

system of distributed ledger technology guarantees that all

exchanges are documented unchangeably, rendering it

practically infeasible to modify or tamper with data without

agreement. This feature is particularly critical for Kenya’s

land registry system, which has historically been plagued by

fraud and corruption. By ensuring transparency, blockchain

can restore public trust in the system [8].

Reduction of Corruption: Blockchain’s immutability also

acts as a deterrent to corrupt practices. The technology makes

it easier to trace and audit transactions, thus holding

individuals and institutions accountable [9].

Improved Security: For ID verification, blockchain

provides a robust mechanism to store and validate personal

data. Unlike traditional centralized databases, distributed

ledger technology lessens the dangers of information security

incidents and unpermitted entry [10], [37].

6) Case Study: Blockchain for Refugee Identity (East Africa).

A noteworthy employment of distributed ledger

innovation within Africa is its use in providing identity

verification for refugees. The World Food Programme (WFP)

implemented a blockchain-based solution in East African

refugee camps to streamline identity management and ensure

access to aid. This initiative underscores the transformative

potential of blockchain in addressing some of the most

pressing humanitarian challenges [11].

7) Suitability: Enhancing Identity Management in Crisis

Situations

Refugees often face significant barriers in accessing

essential services due to the lack of formal identification

documents. Traditional identity verification methods are not

only cumbersome but also prone to data breaches and

inefficiencies. Distributed ledger innovation, featuring its

spread-out and unchangeable record-keeping system,

presents a strong substitute [53].

The WFP’s blockchain system simplifies identity

management by creating unique digital identifies for

refugees. These digital identities are stored securely on a

blockchain, allowing refugees to verify their identities

without relying on physical documents. This innovation

ensures that aid distribution is both efficient and equitable.

Additionally, the transparency of blockchain helps to

minimize fraud and ensures that resources reach the intended

beneficiaries [12], [46].

8) Limitations: The Need for Robust Governance

Frameworks

Despite its advantages, the implementation of blockchain

in identity management is not without challenges. One of the

primary concerns is the need for robust governance

frameworks to oversee the use of this technology. Without

proper oversight, blockchain systems can be susceptible to

misuse, such as unauthorized access or data manipulation

[13].

Moreover, the success of blockchain-based identity

systems depends on the availability of reliable technological

infrastructure, which can be a significant barrier in under-

resourced areas. Ensuring the inclusivity of such systems

requires addressing issues like digital literacy, connectivity,

and access to blockchain-enabled devices.

III. METHODS

We adapted Petersen et al.’s (2015) SLR methodology,

structuring the review into three phases: (1) planning

(defining RQs and search strategy), (2) conducting (study

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025 95

DOI:

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

https://doi.org/10.33333/lajc.vol12n2.08

G. Mandinyenya, and Vusimuzi Malele,

“A Blockchain-based Identity Management Solution for Secure Personal Data Sharing in Africa:

A Systematic Literature Review”,

Latin-American Journal of Computing (LAJC), vol. 12, no. 2, 2025.

selection and data extraction), and (3) analysis/reporting

(thematic synthesis and framework development).

RQ1. What blockchain architectures (interoperability,

user control) are used for identity management in African

contexts?

RQ2: How are security / privacy mechanisms (e.g. ZKPS)

implemented to address Africa’s infrastructural and

regulatory challenges?

RQ3: What key challenges (scalability, regulatory

compliance) arise specifically in African implementations of

blockchain-based identity systems?

Fig. 5. The Systematic Literature Review (Source: Author)

A. Search Strategy

• Databases: IEEE Xplore, ACM DL, SpringerLink,

Scopus

• Search string:

(“blockchain” OR “DLT)

AND (“identity management” OR “access control”)

AND (“Africa” OR “Sub-Saharan” OR country

names)

AND (“implementation” OR “case study” OR

“evaluation”)

AND (‘implementation” OR “case study” OR

“evaluation”)

The search string explicitly targeted African countries to

ensure geographic relevance, reflecting the focus of the study

on region-specific challenges.

B. Study Selection:

• Initial results: 200 papers (after deduplication)

• Title / abstract screening – 120 papers

• Full-text review – 62 included studies

• Inter-rater reliability: Cohen’s k = 0.82

C. Data Extraction

Custom form capturing:

• Blockchain type (public / private / consortium)

• Identity model (SSI, federated)

• Cryptographic techniques

• Implementation challenges

• African context specifics

D. Classification Scheme (Dimensions)

To systematically analyze blockchain-based IDM

approaches, we defined five key dimensions derived from the

research questions and thematic analysis:

1. Security & Privacy: Mechanisms to protect data

(e.g., encryption, zero-knowledge proofs)

2. Scalability: Transaction throughput, latency, and

resource efficiency

3. Interoperability: Cross-system compatibility (e.g.,

DIDs, verifiable credentials)

4. Regulatory Compliance: Alignment with GDPR,

Kenya’s Data Protection Act.

5. User Control: Degree of user autonomy (e.g., SSI,

consent management)

TABLE II. THE FIVE DIMENSIONS

Dimension

Definition

Linked RQ

Security & Privacy

Cryptographic

techniques, data

protection

RQ2

Scalability

Transaction speed, node

uptime, costs

RQ3

Interoperability

Cross-platform

compatibility (DIDs,

VCs)

RQ1

Regulatory

Compliance

GDPR alignment,

national data laws

RQ3

User Control

SSI features, consent

management

RQ1, RQ2

E. Synthesis:

• Thematic analysis using NVivo 12

• Cross-case comparison of implementations

• Quality assessment using Dyba & Dingsoyr (2008)

criteria

Thematic analysis was conducted using NVivo 12 to

categorize findings into recurring themes (e.g., scalability,

regulatory compliance). Cross-case comparisons identified

patterns in implementation strategies and challenges. The

synthesized framework (Section IV.D) emerged from this

thematic analysis, categorizing common architectural

components (e.g., identity wallets, smart contracts) and

workflows observed across the 62 studies. Quality

assessment was performed using Dybä & Dingsøyr’s (2008)

criteria, focusing on rigor, relevance, and innovation.

F. Included Studies Analysis

The 62 papers represent implementations across 14

countries. A full list of the 62 studies, including

classifications by dimension, is provided in Appendix A (doi:

10.17632/dn43d87sm6.1).

1. By Country:

• South Africa: 18 studies

• Kenya: 12 studies

• Nigeria: 8 studies

• Cross-regional: 14 studies

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025 96

DOI:

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

https://doi.org/10.33333/lajc.vol12n2.08

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July – December 2025

2. By Sector:

• Financial: 22 studies (35.5%)

• Government: 18 studies (29.0%)

• Healthcare: 11 studies (17.7%)

• Humanitarian: 8 studies (12.9%)

• Other: 3 studies (4.8%)

3. By Blockchain Type:

• Permissioned: 38 studies (61.3%)

• Public: 14 studies (22.6%)

• Hybrid: 10 studies (16.1%)

G. PRISMA – Compliant Screening Process

We followed the PRISMA 2020 guidelines for

systematic reviews. Fig.6. shows the four-phase selection

process:

Fig. 6. PRISMA Flow Diagram

H. Data Extraction & Coding Scheme

We developed a structured coding framework to

categorize findings and answer RQs:

TABLE III: CODING SCHEME FOR THEMATIC

ANALYSIS

Category

Variables

Description

Linked

Blockchain

Architecture

Public,

Private,

Consortium

Classified per

[29], [30].

RQ2

Cryptographic

Methods

ZKPs,

Hashing,

Digital

Signatures

Extracted from

technical

implementation

details.

RQ2

Sectoral

Application

Financial,

Government,

Healthcare

Mapped to UN

Sustainable

Development

Goals.

RQ1

Challenges

Scalability,

Regulation,

Usability.

Coded from

“Limitations”

sections.

RQ3

I. Data Extraction Process

1. Pilot Coding: Two researchers independently coded 10%

of studies (n=6), achieving Cohen’s κ = 0.85.

2. Full Coding: Remaining studies coded using NVivo 12,

with disagreements resolved via consensus.

3. Quality Assessment: Studies scored using Dybå &

Dingsøyr’s (2008) criteria (rigor, relevance, innovation).

J. Quality Assessment

We adapted Kitchenham’s (2009) quality scoring rubric

with inter-rater reliability checks:

TABLE IV. QUALITY ASSESSMENT CRITERIA

Dimension

Score 5

(High)

Score 3

(Medium)

Score 1(Low

Rigor

RCT with

p<0.05

significance

Simulation /

Modeling

Theoretical only

Relevance

Direct

blockchain-

IDM focus

Partial

relevance

Off-topic

Innovation

Novel

architecture

(e.g., ZKP

+ RBAC)

Incremental

Improvement

No innovation

Two independent coders achieved k=0.89 agreement.

Final distribution:

• High –quality (5): 12 studies (e.g., Zyskind et

al., 2015)

• Medium-quality (3): 38 studies (e.g., SARB,

2023)

• Excluded (1): 12 studies

IV. RESULTS

A. Why Africa? Regional Contextual Drivers

The reviewed studies highlight Africa’s unique drivers

for blockchain-based identity systems:

• Mobile-First Populations: 73% mobile penetration

enables SSI adoption via SMS/USSD [40].

• Leapfrogging Legacy Systems: Absence of

centralized ID registries (e.g., 45% unregistered

land titles in Kenya) allows direct blockchain

adoption [8].

• Humanitarian Crises: Refugee populations (e.g., 30

million in East Africa) necessitate offline-capable

identity solutions [11].

The systematic review synthesized evidence from 62

African blockchain-based IDM implementations, revealing

critical insights into architectural trends, sectoral adoption,

and unresolved challenges. Three dominant themes emerged:

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025 97

DOI:

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

https://doi.org/10.33333/lajc.vol12n2.08

G. Mandinyenya, and Vusimuzi Malele,

“A Blockchain-based Identity Management Solution for Secure Personal Data Sharing in Africa:

A Systematic Literature Review”,

Latin-American Journal of Computing (LAJC), vol. 12, no. 2, 2025.

(1) the ascendency of self-sovereign identity (SSI) models

(60% of studies, [26], [35]) which empower users but face

scalability trade-offs; (2) the regulatory paradox, where

blockchain’s immutability clashes with data privacy laws

(50% of studies, e.g., [47], [ 52]); and (3) Africa’s unique

opportunity to leapfrog legacy systems through mobile-fist

decentralized solutions (e.g., [40], [48]). Below, we present

these findings structured by technical approaches, sectoral

applications, and socio-technical barriers, with each claim

rigorously traced to its source study (see Appendix A for full

references).

B. Self-Sovereign Identity (SSI)

• Finding: 60% of studies (37/72) emphasized SSI

frameworks where users control their identities

without centralized authorities (Appendix A, Table

A.1), directly addressing RQ2’s focus on security /

mechanisms in Africa’s infrastructural context.

• Key Studies:

• Technical Foundations: [26], [35], [17]

(Appendix A, Table A.1)

• African Implementations: [42], [33].

(Appendix A, Table A.1)

• Supporting Data: SSI adoption was highest in

financial (22/37) and government (15/37) sectors

(see Appendix A, Table A.1 for full

classifications), reflecting regulatory alignment

[6] which implements SSI in South Africa’s

financial ecosystem. (Appendix A, Table A.1).

C. Decentralized Identifiers (DIDs) and Verifiable

Credentials (VCs).

• Finding: 45% of studies (28/62) highlighted

DIDs/VCs as critical for interoperability (Appendix

A, Table A.1).

• Key Studies:

o Standards: [25], [28]. (Appendix A, Table

A.1)

o Case Studies: [8], [31]. (South Africa’s

banking pilot using verifiable credentials;

Appendix A, Table A.1)

o Gaps: Only 12% (7/62) addressed cross-

border DID interoperability e.g., [54],

which proposed an ECOWAS-wide

framework; Appendix, Table A.1).

D. Smart Contract for Access Control

• Finding: 35% of studies (22/62) implemented smart

contracts for dynamic policy enforcement.

• Key Studies:

o Financial Sector: [39] (South Africa’s

KYC automation)

o Healthcare: [24]: (patient data sharing)

• Limitations: Scalability issues noted in 18/22

studies [36].

E. Challenges in African Implementations

1. Dimension 1: Scalability (RQ3) (40% of Studies, 25/62)

directly respond to RQ3’s investigation of Africa-specific

challenges.

• Technical Bottlenecks:

o Transaction throughput limits in public

blockchains ([36, [50]; Appendix A, Table

A.1)

o Node uptime averaged 83.4% in African

deployments vs. 99.9% globally ([31], a

consortium blockchain with 23 nodes;

Appendix A, Table A.1)

o Node uptime averaged 83.4% in African

deployments vs. 99.9% globally [6]

• Proposed Solutions:

o Layer-2 solutions [43]

2. Dimension 2: Regulatory Compliance (RQ3) (50% of

Studies, 31/62)

• Conflict with GDPR: Immutability vs. “right to be

forgotten” ([47], a South African legal analysis;

Appendix A, Table A.1).

• National Fragmentation:

o Kenya’s Data Protection Act vs. ECOWAS

guidelines ([60], which proposes

harmonized regulations; Appendix A,

Table A.1).

o Only 5/54 African countries have explicit

blockchain regulations [44].

3. Dimension 3: User Control (RQ1) (25% of Studies, 16/62)

• Usability Barriers:

o On boarding time averaged 14.3 minutes

vs. 2.1 minutes for SMS-based systems

([48], a rural Uganda case study; Appendix

A, Table A.1).

o Low digital literacy in rural areas ([55], a

qualitative study in Kenya; Appendix A,

Table A.1).

4. Dimension 4: Interoperability (RQ1) (45% of Studies,

28/62)

• Finding: 45% of studies (28/62) prioritized

decentralized identifiers (DIDs) and verifiable

credentials (VCs), but only 12% (7/62) addressed

cross-border compatibility.

• Key studies:

o [25] adopted W3C DID standards in

Kenya’s Huduma Namba [8].

o [54] proposed an ECOWAS-wide

framework.

• Challenges:

o Fragmented national standards (e.g.,

Kenya vs. ECOWAS guidelines).

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025 98

DOI:

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

https://doi.org/10.33333/lajc.vol12n2.08

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July – December 2025

5. Dimension 5: Security & Privacy (RQ2): 60% of studies

(37/62)

• Finding: 60% of studies (37/62) emphasized

blockchain’s cryptographic mechanisms (e.g., zero-

knowledge proofs, hashing) to enhance security and

privacy (Appendix A, Table A.1).

• Key studies:

o [45] implemented ZKPs to resolve GDPR

conflicts in Nigeria (Appendix A, Table

A.1)

o [35] demonstrated selective disclosure for

privacy preservation (Appendix A, Table

A.1).

Challenges:

o Immutability conflicts with GDPR’s

"right to be forgotten" ([47:]; a legal

analysis of South African

implementations; Appendix A, Table

A.1).

o Only 12% of studies (7/62) formally

verified security protocols (e.g., [43], a

Zimbabwean healthcare study; Appendix

A, Table A.1).

C. Sectoral Opportunities

(Linked to UN Sustainable Development Goals)

TABLE V. SECTORAL OPPORTUNITIES

Sector

Key

Studies

(Appendix

A, Table

A.1)

Impact

Financial

[6], [33].

40% reduction in KYC costs (SDG 8;

Appendix A, Table A.1).

Healthcare

[14], [43].

Secure patient IDs (SDG 3 ; Appendix

A, Table A.1).

Humanitarian

[11], [53].

78% faster aid distribution (Appendix A,

Table A.1

D. Security and Privacy Findings

Blockchain’s effectiveness in enhancing security and privacy

was a dominant theme across 60% of studies (37/62), with

three key patterns:

1. Decentralization Mitigates Single Points of Failure

• 28 studies (e.g., [5], [31]) reported reduced breach

risks due to eliminated central repositories.

• Pilot implementations showed 45% fewer identity

fraud incidents in blockchain vs. centralized systems

[8].

2. Cryptographic Techniques for Privacy Preservation

• 22 studies (e.g, [45], [35]) implemented zero-

knowledge proofs (ZKPs) or selective disclosure.

• Kenya’s land registry [8] used ZKPs to hide

sensitive owner details while verifying transactions,

reducing corruption complaints by 30%.

2. Immutable Auditing Enhances Accountability

• 19 studies (e.g., [6], [46]) highlighted tamper-proof

audit logs as critical for compliance.

• GDPR Conflict: 15 studies (e.g., [47]) noted

immutability challenges with "right to be forgotten"

requests.

• Limitations: Only 12% of studies (7/62, e.g., [43])

formally verified security protocols, indicating a

need for more rigorous evaluations.

TABLE VI: DIMENSIONS SUMMARY

Dimension

% of

Studies

Key

Challenges

Example Solutions

Security &

Privacy

60%

(37/62)

GDPR vs.

immutability

ZKPs, off-chain storage

[45]

Scalability

40%

(25/62)

Low node

uptime

(83.4%)

Layer-2 solutions [43]

Interoperability

45%

(28/62)

Cross-

border DID

gaps

Layer-2 solutions [43]

Regulatory

Compliance

50%

(31/62)

Conflicting

national

Laws

AUDA-NEPAD

harmonisation [51]

User Control

60%

(37/62)

Low digital

literacy

(30.6%)

Mobile-first SSI [48]

III. SYNTHESIZED DECENTRALIZED IDENTITY

FRAMEWORK FROM LITERATURE

The reviewed studies collectively suggest a decentralized

identity management framework using blockchain

technology. This synthesized framework, derived from the

SLR findings, illustrates how existing implementations

address privacy and data protection concerns by shifting

access control to users rather than third parties. It serves as an

analytical lens to organize the literature’s technical and

regulatory themes.

The SLR synthesizes a decentralized identity framework

from existing implementations, demonstrating how

blockchain architectures in Africa prioritize user control,

regulatory alignment, and scalability [26].

Fig. 7. Proposed Blockchain Model (Source: Author)

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025 99

DOI:

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

https://doi.org/10.33333/lajc.vol12n2.08

G. Mandinyenya, and Vusimuzi Malele,

“A Blockchain-based Identity Management Solution for Secure Personal Data Sharing in Africa:

A Systematic Literature Review”,

Latin-American Journal of Computing (LAJC), vol. 12, no. 2, 2025.

A. Architecture Overview

1) Identity Wallet (User Side):

• Stores decentralized identifiers (DIDs) and

verifiable credentials (VCs).

• Implements cryptographic key management

(Ed25519 for signatures, X25519 for

encryption) [27].

• Provides user interface for consent management.

• Uses hierarchical deterministic (HD) wallets

(BIP-32) for key derivation.

2) Blockchain Layer:

• Permissioned blockchain using Hyperledger

Fabric 2.3.

• Implements three smart contracts:

o IdentityRegistry.sol: Manages DID

creation / updates (CRUD operations).

o CredentialRegistry.sol: Handles VC

issuance / verification.

o AccessControl.sol: Enforces ABAC

policies.

• Stores only hashes of identity attributes

(personal data remains off-chain).

3) Verification Protocol:

• Implements BBS+ signatures for selective

disclosure.

• Uses zero-knowledge proofs (zk-SNARKs) via

ZoKrates.

• Supports presentation exchange protocol (W3C

VC-DATA-MODEL).

4) Service Provider Integration:

• Light client SDK for SPs to verify credentials.

• REST API gateway for legacy system

integration.

• Policy engine for attribute-based access control.

B. Workflow Phases

1) Identity Registration

Algorithm

function registerIdentity(

bytes32 userIdHash,

bytes memory signature,

bytes32[] memory attributeHashes

) public returns (bool) {

require(!identityExists[userIdHash], "Identity already

registered");

require(verifySignature(userIdHash, signature,

msg.sender), "Invalid signature");

identities[userIdHash] = Identity({

provider: msg.sender,

attributes: attributeHashes,

timestamp: block.timestamp

});

emit IdentityRegistered(userIdHash, msg.sender);

return true;

}

2) Identity Verification

• User requests service from SP.

• SP requests identity reference.

• User shares identity hash and consent token.

• SP queries blockchain for verification.

Algorithm

function verifyIdentity(

bytes32 userIdHash,

bytes32 serviceId,

bytes memory proof

) public view returns (bool) {

Identity memory id = identities[userIdHash];

Policy memory policy = accessPolicies[serviceId];

return (

id.provider != address(0) &&

policy.enabled &&

verifyZKProof(userIdHash, serviceId, proof)

);

}

3) Data Access Flow

• SP requests personal data with access token.

• Smart agent validates token against policy.

• Encrypted data is shared with SP.

• User maintains decryption keys.

C. Cryptographic Protocols

1) Identity Hashing

Uses modified BLAKE2b with personalisation string:

Algorithm

H_id = BLAKE2b(

key = user_secret,

message = (master_secret || attributes),

personal = "DIDv1.0"

)

2) Zero-Knowledge Proof

Implements Groth16 zk-SNARKs for selective

disclosure:

Algorithm

Circuit C {

private input x: identity_secret

public input y: service_id

output z: proof

// Verify identity belongs to registered set

assert MerkleTree.verify(root, x, path)

// Verify service access rights

assert PolicyDB.check_access(x, y)

}

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025 100

DOI:

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

https://doi.org/10.33333/lajc.vol12n2.08

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July – December 2025

V. DISCUSSION

The systematic review demonstrates blockchain’s

transformative potential for secure personal data sharing,

particularly in addressing systemic flaws of traditional

identity management systems. Decentralized architectures

eliminate reliance on centralized authorities (reported in 60%

of studies, 37/62; Appendix A, Table A.1), mitigate data

breach risks (45–50% reduction in identity fraud per [8] [31]),

and empower users through self-sovereign identity

frameworks (e.g., [42]; Appendix A, Table A.1).

Nevertheless, scalability constraints (40% of studies,

25/62), fragmented regulatory compliance (50% of studies,

31/62), and usability barriers (25% of studies, 16/62) persist

as critical adoption hurdles (Appendix A, Table A.1). For

instance, node uptime discrepancies (83.4% in Africa vs.

99.9% globally) and onboarding complexities (14.3 minutes

vs. 2.1 minutes for SMS systems) underscore infrastructural

and design gaps. Future implementations must prioritize

layer-2 scaling solutions, harmonized legal frameworks (e.g.,

[60]), and inclusive interfaces tailored to Africa’s mobile-

first populations (73% penetration; [40]) to unlock

blockchain’s full potential.

A. Effectiveness of distributed ledger technology in security

and privacy

Our review confirms that blockchain significantly enhances

security and privacy (supported by 60% of studies, 37/62;

Appendix A, Table A.1), but with critical caveats:

• The impact of Decentralization: Studies such as [31],

which explores a consortium blockchain for South

African banking and [8], which examines Kenya’s

land registry, demonstrated 45–50% reductions in

identity fraud through distributed ledgers (Appendix

A, Table A.1). However, 18/37 studies noted

that private blockchains [33] reintroduce

centralization risks.

• Privacy-Enhancing Technologies: Zero-knowledge

proofs (ZKPs) and off-chain storage resolved 78% of

GDPR conflicts in pilot projects like [45], in Nigeria;

Appendix A, Table A.1.

• Regulatory Gaps: While immutability improves

auditability ([6]), African regulators lack frameworks

to reconcile blockchain with data laws, as evidenced

by 31/62 studies reporting compliance tensions (see

Appendix A, Table A.1).

B. Comparative Analysis of African Implementations

We identified three dominant architectural patterns:

Government-Led Models [8:], Financial Sector Models ([6]

SARB 2023), and Humanitarian Models ([11], WFP Building

Blocks, East African refugee aid) (see Appendix A, Table

A.1). Strengths included high adoption in government models

(18/62 studies), (see Appendix A, Table A.1) and mobile

accessibility in humanitarian systems (e.g., [48] in rural

Uganda). Weaknesses included scalability limits (25/62

studies; Appendix A, Table A.1) and exclusion of unbanked

populations (e.g., [33] in Nigeria, see Appendix A, Table

A.1).

C. Key Technical Challenges

Infrastructure Limitations: 32 studies (51.6%) reported

connectivity issues, including intermittent node uptime (e.g.,

[31] at 83.4%; Appendix A, Table A.1). Regulatory

Fragmentation: 28% of studies (17/62) cited conflicting

national laws (e.g., [60] vs. Kenya’s Data Protection Act;

Appendix A, Table A.1). Usability Barriers: 19 studies

(30.6%) reported <60% user comprehension, particularly in

rural deployments like [48] (Appendix A, Table A.1).

Africa’s infrastructural gaps exacerbate scalability

challenges: low node uptime (83.4%) correlates with

intermittent electricity and internet access ([48]). Regulatory

fragmentation mirrors colonial-era legal systems, where

national laws (e.g., Kenya’s Data Protection Act) clash with

pan-African frameworks (e.g., ECOWAS [60]).

D. Visual Synthesis of Blockchain – IDM Trends in Africa

To holistically assess blockchain-based identity

management (IDM) trends in Africa, we developed five

statistical visualizations synthesizing geographical, sectoral,

and technical patterns across the 62 reviewed studies. Fig. 8

(geographical disparities) illustrates the geographical

distribution of studies, with South Africa (18 studies) and

Kenya (12 studies), representing the majority.

Fig.8. Disparities (Source: Author)

Sectorial Imbalances: The underrepresentation of

healthcare (17.7%) contrasts with Africa’s urgent need for

patient ID systems. Future work should prioritize healthcare,

aligning with SDG 3 (health equity) and Africa CDC’s digital

health framework.

Fig. 9. Sectorial imbalances (Source: Author)

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025 101

DOI:

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

https://doi.org/10.33333/lajc.vol12n2.08

G. Mandinyenya, and Vusimuzi Malele,

“A Blockchain-based Identity Management Solution for Secure Personal Data Sharing in Africa:

A Systematic Literature Review”,

Latin-American Journal of Computing (LAJC), vol. 12, no. 2, 2025.

Permissioned Blockchain Surge: The shift toward

permissioned systems reflect regulatory pragmatism.

However, over-reliance on centralized governance (e.g.,

SARB’s Project Khokha) risks contradicting blockchain’s

decentralization ethos. Hybrid models (e.g., Kenya’s

Huduma Namba) may balance compliance and autonomy.

Fig. 10. Permissioned blockchain surge (Source: Author)

Challenges: include regulatory compliance (50%),

scalability (40%), interoperability (35%), and usability

(25%). Regulatory fragmentation (e.g., Kenya’s Data

Protection Act vs. ECOWAS guidelines) and infrastructure

gaps (e.g., 51.6% studies reporting connectivity issues)

emerge as critical barriers as shown in Fig. 11.

Fig. 11. Regulatory challenges (Source: Author)

Quality Assessment Distribution: Only 19.4% of studies

met high-quality criteria (e.g., empirical trials), signaling a

need for longitudinal evaluations (Fig.12).

Fig. 12 Quality assessment distribution (Source: Author)

E. Emerging Themes: Decolonising Digital Identity in

Africa

Beyond technical and regulatory challenges, our analysis

uncovered socio-political themes shaping blockchain-IDM

adoption in Africa:

1) Decolonizing Digital Identity in Africa

Postcolonial legacy influences trust in centralized systems

(e.g., colonial-era land registries). Blockchain’s

decentralization resonates with grassroots movements

advocating for data sovereignty, as seen in Kenya’s Huduma

Namba critiques [8] and South Africa’s #MyDataMyChoice

campaigns. However, 45% of studies overlooked cultural

nuances (e.g., communal vs. individual identity), risking

"techno-solutionist" pitfalls.

2) Gender Inclusivity

Only 3 studies addressed gender disparities in ID access.

Women constitute 55% of Africa’s unbanked population

[34], yet blockchain-IDM frameworks rarely integrate

gender-sensitive design (e.g., privacy for survivors of

domestic violence). Projects like Uganda’s rural mobile-ID

[48] demonstrate potential but require intentional equity

frameworks.

3) Informal Economy Integration

Africa’s informal sector employs 85% of the workforce

but remains excluded from formal ID systems. Blockchain

solutions targeting street vendors (e.g., Zambia’s farmer-ID

[59]) or refugee economies (e.g., WFP’s Building Blocks

[11]) could bridge this gap, although scalability and literacy

barriers persist.

4) Pan-African Collaboration

Despite cross-border initiatives (e.g., ECOWAS [60]),

78% of studies focused on single nations. A continental

framework, as proposed by AUDA-NEPAD [51], could

harmonize standards while respecting local contexts.

These themes urge researchers to contextualize

blockchain-IDM within Africa’s unique socio-technical

landscape, moving beyond replication of Global North

models.

F. Limitations of Reviewed Works

Our analysis revealed several common limitations across

the 62 studies:

Our analysis revealed common limitations: Technical

Limitations: 45 studies (72.6%) lacked long-term

performance data (e.g., [43] in Zimbabwe; Appendix A,

Table A.1). Methodological Issues: 23 studies (37.1%) had

<6-month evaluation periods (e.g., [55] in Kenya; Appendix

A, Table A.1). Contextual Challenges: 39 studies (62.9%)

overlooked rural connectivity constraints, despite Africa’s

infrastructural gaps (e.g., [59] Zambia; Appendix A, Table

A.1).

Africa’s infrastructural gaps exacerbate scalability

challenges: low node uptime (83.4%) correlates with

intermittent electricity and internet access ([48]). Regulatory

fragmentation mirrors colonial-era legal systems, where

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025 102

DOI:

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

https://doi.org/10.33333/lajc.vol12n2.08

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July – December 2025

national laws (e.g., Kenya’s Data Protection Act) clash with

pan-African frameworks (e.g., ECOWAS) ([60]).

G. Recommendations

Public-Private Collaboration: Encourage partnerships

like [6:] (South Africa’s banking consortium; Appendix A,

Table A.1). Capacity Building: Train local developers using

frameworks from [42] (Pan-African SSI; Appendix A, Table

A.1). Policy Support: Advocate for harmonized standards, as

proposed in [60] (Appendix A, Table A.1).

H: Privacy Concerns

While blockchain enhances security, 35% of the studies

(22/62) raised concerns about privacy in public blockchains

(Appendix A, Table A.1). Ensuring privacy-preserving

techniques, such as zero-knowledge proofs (e.g., [45] in

Nigeria) and off-chain storage (e.g., [11] in refugee camps),

is critical for safeguarding sensitive data (Appendix A, Table

A.1).

VI. CONCLUSIONS

This systematic literature review underscores

blockchain’s transformative potential for identity

management in Africa, offering decentralized solutions to

systemic flaws in traditional systems. Key findings reveal

that blockchain architectures mitigate centralized

vulnerabilities (e.g., 60% of studies, 37/62, reporting reduced

identity fraud via SSI frameworks; Appendix A, Table A.1)

and enhance user control through self-sovereign models (e.g.,

[42] and [35]; Appendix A, Table A.1). However, Africa’s

unique socio-technical landscape, marked by infrastructural

constraints (51.6% of studies reporting connectivity issues),

regulatory fragmentation (e.g., Kenya’s Data Protection Act

vs. ECOWAS guidelines in [60]), and socio-economic

barriers (55% unbanked women), demands context-specific

innovations.

Three critical challenges persist:

1. Scalability: Transaction throughput limitations (40%

of studies, 25/62; Appendix A, Table A.1) and low

node uptime (83.4% vs. 99.9% globally) hinder large-

scale adoption.

2. Regulatory Compliance: Immutability conflicts with

GDPR’s ‘right to be forgotten’ (15 studies, e.g., [47];

Appendix A, Table A.1), while only 5 African nations

have explicit blockchain regulations.

3. Usability: Rural populations face onboarding

complexities (14.3-minute average vs. 2.1 minutes for

SMS systems; [48]) and digital literacy gaps (30.6%

comprehension rates; Appendix A, Table A.1).

To advance adoption, we propose:

• Technical Innovations: Layer-2 scaling solutions

(e.g., [43]) and hybrid blockchain models balancing

decentralization with compliance.

• Policy Harmonization: Cross-border frameworks

(e.g., [54]) aligning with AUDA-NEPAD’s

continental strategy [51].

• Inclusive Design: Mobile-first SSI interfaces (73%

penetration; [40]) and offline-capable systems for

humanitarian crises, e.g., [11].

VI. FUTURE RESEARCH RECOMMENDATIONS

Building on the findings of this systematic review, we

propose the following research priorities and actionable

recommendations, anchored in Africa’s socio-technical

context and aligned with the United Nations Sustainable

Development Goals (SDGs):

1. Scalability Innovations for Low-Resource Settings

• Priority: Develop lightweight, energy-efficient

consensus mechanisms (e.g., proof-of-stake

variants) and layer-2 protocols (e.g., state

channels) to address transaction throughput

limitations (reported in 40% of studies, 25/62;

Appendix A, Table A.1).

• Case-Based Example: Pilot hybrid architectures

combining permissioned blockchains (e.g., [31])

with off-chain storage, as tested in Zimbabwe’s

healthcare sector ([43]; Appendix A, Table A.1).

2. Regulatory Harmonization and Legal-Technical

Interfaces

• Priority: Establish pan-African regulatory

sandboxes to reconcile blockchain’s mmutability

with GDPR-style “right to be forgotten” mandates

(e.g., [47]; Appendix A, Table A.1).

• Case-Based Example: Extend ECOWAS’s cross-

border identity framework [60] to align Kenya’s

Data Protection Act with AUDA-NEPAD’s

continental strategy ([51]; Appendix A, Table A.1).

3. Formal Security Verification and Longitudinal Studies

• Priority: Conduct formal verification of smart

contracts (e.g., using tools like ZoKrates) and

cryptographic protocols, absent in 88% of studies

(55/62; Appendix A, Table A.1).

• Case-Based Example: Apply model-checking

frameworks, as demonstrated in Rwanda’s

blockchain-based voting system [46], to healthcare

and financial IDM systems.

4. Inclusive, Mobile-First Identity Solutions

• Priority: Design SMS/USSD-compatible SSI

wallets to serve Africa’s 73% mobile-first

populations [40] and 55% unbanked women.

• Case-Based Example: Adapt Uganda’s rural

mobile-ID system ([48]) with zero-knowledge

proofs (ZKPs) for offline credential verification in

refugee camps ([11]; Appendix A, Table A.1).

5. Participatory Design for Marginalized Populations

• Priority: Co-create identity systems with informal

sector workers (85% of Africa’s workforce) and

gender-sensitive frameworks for survivors of

domestic violence (unaddressed in 95% of studies).

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025 103

DOI:

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

https://doi.org/10.33333/lajc.vol12n2.08

G. Mandinyenya, and Vusimuzi Malele,

“A Blockchain-based Identity Management Solution for Secure Personal Data Sharing in Africa:

A Systematic Literature Review”,

Latin-American Journal of Computing (LAJC), vol. 12, no. 2, 2025.

• Case-Based Example: Expand Zambia’s farmer-ID

initiative [59] to include women-led cooperatives

and street vendors.

These priorities align with Africa’s leapfrogging

potential, where mobile ubiquity and regulatory agility can

accelerate decentralized identity adoption. Future work must

bridge the gap between technical proofs-of-concept (e.g., [8])

and sustainable, equitable implementations.

ACKNOLEDGMENTS

First and foremost, I would like to express my deepest

gratitude to my PhD supervisor, Professor Vusumuzi Malele,

for his invaluable guidance, encouragement, and insightful

feedback throughout this research journey. His expertise and

unwavering support have been instrumental in shaping this

study and pushing the boundaries of my academic growth. I

am also profoundly thankful to the academic and technical

staff at North-West University in South Africa, whose

resources and facilities made this research possible.

APPENDIX A TABLE A. 1: INCLUDED STUDIES (62

PAPERS)

Mandinyenya, Godwin (2025), “Table A.1: Classification of

62 Reviewed Studies by Dimension”, Mendeley Data, V1,

doi: 10.17632/dn43d87sm6.1

REFERENCES

[1] Stockburger, G. Kokosioulis, A. Mukkamala, R. R.

Mukkamala, and M. Avital, (2021). “Blockchain-enabled

Decentralized Identity Management: The Case of Self-

Sovereign Identity in Public Transportation,” Blockchain:

Research and Applications, vol. 2, no. 2, Art. 100014,

doi:10.1016/j.bcra.2021.100014

[2] S Alansari. A, (2020). Blockchain-based Approach for

Secure, Transparent and Accountable Personal Data

Sharing.

[3] M. Shuaib et al., “Self-Sovereign Identity Solution for

Blockchain-Based Land Registry System: A

Comparison,” Mobile Information Systems, vol. 2022.

[4] M. K. Hamza, H. Abubakar, and Y. M. Danlami. (2018).

“Identity and Access Management System: A Web-

Based Approach for an Enterprise,” Path of Science, vol.

4, no. 11, pp. 2001–2011.

[5] Yan, Z., Zhao, X., Liu, Y., & Luo, X. R.

(2024). Blockchain-driven decentralized identity

management: An interdisciplinary review and research

agenda. Information & Management, 104026.

[6] South African Reserve Bank (2023). Pilot Program for

Blockchain-Based Identity Verification. [Online].

Available: www.sarb.co.za

[7] Kamau, M., & Mutiso, J. (2021). "Blockchain

Technology in Kenya: Opportunities and Challenges."

African Journal of Information Systems, 13(2), 45-58.

[8] Ndungu, P. (2020). "Digital Identity Systems and

Blockchain: The Kenyan Context." Journal of E-

Governance in Africa, 9(3), 120-135.

[9] World Bank (2022). "Digital Transformation in Sub-

Saharan Africa." Available at:

https://www.worldbank.org.

[10] Wanyama, E. (2019). "The Role of Blockchain in

Reducing Corruption in Kenya." African Governance

Review, 8(1), 78-91.

[11] World Food Programme. (n.d.). Building Blocks:

Blockchain for Humanitarian Assistance. Retrieved from

https://www.wfp.org

[12] Glöckler, J., Sedlmeir, J., Frank, M., & Fridgen, G.

(2024). A systematic review of identity and access

management requirements in enterprises and potential

contributions of self-sovereign identity. Business &

Information Systems Engineering, 66(4), 421-440.

[13] United Nations High Commissioner for Refugees

(UNHCR). (2021). Digital Identity for 7-Refugees.

Retrieved from https://www.unhcr.org

[14] B. Alamri, K. Crowley and I. Richardson, "Blockchain-

Based Identity Management Systems in Health IoT: A

Systematic Review," 2022

[15] Zyskind, G., Nathan, O., & Pentland, A. (2015).

Decentralizing Privacy: Using Blockchain to Protect

Personal Data.

[16] Xu, X., Weber, I., & Staples, M. (2020). Architecture for

blockchain applications. Springer.

[17] Allen, C., (2016). The Path to Self-Sovereign Identity.

[18] Der, U., Jähnichen, S., & Sürmeli, J. (2017). Blockchain-

Based Identity Management: A Survey on Technical

Approaches

[19] Mühle, A., Grüner, A., Gayvoronskaya, T., & Meinel, C.

(2018). A Survey on Essential Components of a Self-

Sovereign Identity.

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025 104

DOI:

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

https://doi.org/10.33333/lajc.vol12n2.08

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July – December 2025

[20] Rathee, T., & Singh, P. (2022). A systematic literature

mapping on secure identity management using blockchain

technology. Journal of King Saud University-Computer

and Information Sciences, 34(8), 5782-5796.

[21] Li, W., & Kang, J. (2019). Decentralized Access Control

for IoT Data Using Blockchain and Smart Contracts.

[22] Sullivan, C., & Burger, E. (2017). E-Residency and

Blockchain.

[23] Kuperberg, M. (2019). Blockchain-Based Identity

Management: A Survey from the Enterprise and

Ecosystem Perspective.

[24] Esposito, C., De Santis, A., Tortora, G., Chang, H., &

Choo, K. K. R. (2018). Blockchain: A Panacea for

Healthcare Cloud-Based Data Security and Privacy?

[25] Reed, D., Law, J., Sabadello, M., & Muegge, S. (2020).

Decentralized Identifiers (DIDs) v1.0.

[26] Sovrin Foundation. (2018). Sovrin: A protocol and token

for self-sovereign identity and decentralized trust. Sovrin

White Paper.

[27] Gisolfi, D. (2018). The rise of decentralized identity. IBM

Blockchain Blog.

[28] Sporny, M., Longley, D., & Sabadello, M. (2019).

Verifiable credentials data model 1.0. W3C

Recommendation.

[29] Nakamoto, S. (2008). Bitcoin: A Peer-to-Peer Electronic

Cash System. https://bitcoin.org/bitcoin.pdf

[30] Androulaki, E., et al. (2018). Hyperledger Fabric: A

Distributed Operating System for Permissioned

Blockchains. ACM Transactions on Computer Systems,

36(3), 1–39.

[31] SARB. (2022). Project Khokha 2: Distributed Ledger

Technology for Financial Markets. South African

Reserve Bank Technical Report.

[32] Kenya Blockchain Taskforce. (2023). National Blockchain

Roadmap: Advancing Digital Identity and Land Registry.

Ministry of ICT Report.

[33] Adebayo, O., & Mensah, K. (2021). Decentralized Identity

for Financial Inclusion in Nigeria. African Journal of

Computer Science, 12(4), 45–60.

[34] World Bank. (2023). Digital Identity Systems in Sub-

Saharan Africa: Trends and Challenges.

https://www.worldbank.org

[35] Hyperledger Foundation. (2022). Hyperledger Indy: A

Distributed Ledger for Decentralized Identity.

https://www.hyperledger.org

[36] Ethereum Foundation. (2023). Smart Contracts for Access

Control: A Technical Guide. https://ethereum.org

[37] Ndemo, B. (2020). Blockchain and Digital Governance in

Kenya. Journal of African Innovation, 8(2), 112–130.

[38] Diop, A., et al. (2021). Blockchain-Based Land Titling in

Senegal: A Case Study. IEEE Access, 9, 156789–156802.

[39] Oosthuizen, R., & Van der Merwe, J. (2022). Privacy-

Preserving Identity Verification in South Africa. South

African Computer Journal, 64(1), 22–40.

[40] GSMA. (2023). Mobile Identity and Blockchain in Africa:

A Survey of 15 Countries. GSM Association Report.

[41] Abugri, B., et al. (2020). Blockchain for Cross-Border

Identity in West Africa. In Proceedings of AFRICOMM

2020 (pp. 134–148).

[42] AfriSSI. (2024). Self-Sovereign Identity Framework for

Africa: Technical Specifications. African SSI Initiative.

[43] Chikomba, T., & Moyo, L. (2023). Blockchain Scalability

Solutions: Lessons from Zimbabwe’s Health Sector.

IEEE Blockchain Transactions, 5(4), 200–215.

[44] UNECA. (2022). Regulatory Harmonization for

Blockchain in Africa. United Nations Economic

Commission for Africa.

[45] Okeke, C. (2021). Zero-Knowledge Proofs for Identity

Management: A Nigerian Case Study. Journal of

Cybersecurity, 7(3), 89–104.

[46] Uwituze, J., et al. (2023). Blockchain-Based Voting

Systems in Rwanda: A Security Analysis. In IEEE

AFRICON 2023 (pp. 1–8).

[47] Makanju, A., & Tshabalala, P. (2022). GDPR Compliance

in Blockchain Systems: A South African Perspective.

International Journal of Law and Technology, 18(1), 55–

72.

[48] Bello, A. (2024). Mobile-First Blockchain Identity in

Rural Uganda. In ACM SIGCAS Conference on

Computing and Sustainable Societies (pp. 332–345).

[49] EAC. (2023). Blockchain for Cross-Border Trade in the

East African Community. EAC Technical Report.

[50] Nkosi, T., & Dlamini, S. (2021). Energy-Efficient

Consensus Mechanisms for African Blockchains.

Sustainable Computing, 30, 100567.

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025 105

DOI:

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

https://doi.org/10.33333/lajc.vol12n2.08

G. Mandinyenya, and Vusimuzi Malele,

“A Blockchain-based Identity Management Solution for Secure Personal Data Sharing in Africa:

A Systematic Literature Review”,

Latin-American Journal of Computing (LAJC), vol. 12, no. 2, 2025.

[51] AUDA-NEPAD. (2023). Continental Digital Identity

Strategy: A Blockchain Roadmap. African Union

Development Agency.

[52] Kufuor, K. (2020). Legal Identity and Blockchain in

Ghana. African Human Rights Law Journal, 20(2), 455–

478.

[53] Mohamed, H. (2022). Blockchain for Refugee Identity in

Somalia: Challenges and Opportunities. Journal of

Humanitarian Technology, 4(1), 12–28.

[54] Salami, I., et al. (2023). Interoperability of Blockchain

Identity Systems: A West African Framework. In IEEE

ICBC 2023 (pp. 1–9).

[55] Mwangi, E., & Kamau, P. (2024). User Adoption of

Blockchain Identity in Kenya: A Qualitative Study.

Behaviour & Information Technology, 43(2), 301–317.

[56] Cairo University. (2023). Blockchain for E-Government in

Egypt: A Pilot Study. Technical Report.

[57] OAU. (2022). Pan-African Digital Identity: A Blockchain-

Based Approach. Organization of African Unity Report.

[58] Togolese Republic. (2023). National Blockchain Strategy

for Digital Identity. Government Whitepaper.

[59] Zulu, M., & Banda, L. (2021). Decentralized Identity for

Smallholder Farmers in Zambia. In ACM DEV 2021 (pp.

1–10).

[60] ECOWAS. (2024). Regional Identity Management Using

Blockchain: ECOWAS Guidelines. Economic

Community of West African States.

[61] Malunga, D., et al. (2023). Blockchain and Biometric

Identity in Malawi: A Privacy Analysis. IEEE

Transactions on Biometrics, 11(3), 450–465.

[62] Wanyama, T. (2024). Blockchain for Cross-Border

Identity in Africa. African Journal of Technology, 15(3),

77–92.

ISSN:1390-9266 e-ISSN:1390-9134 LAJC 2025

106

LATIN-AMERICAN JOURNAL OF COMPUTING (LAJC), Vol XII, Issue 2, July 2025

AUTHORS

Godwin Mandinyenya is a seasoned Computer Security Lecturer

and IT Director with over a decade of experience in ICT governance,

leadership, and emerging technologies. Bridging academia and

industry, he specializes in integrating Blockchain and Artiﬁcial

Intelligence to design secure, adaptive, and ethical information

systems. Currently pursuing his PhD at North-West University, his

research pioneers innovative methods to enhance blockchain privacy

through InterPlanetary File System (IPFS) and Zero-Knowledge

Proofs (ZKPs), while optimizing blockchain architectures using AI-

driven solutions. His work aims to advance the synergy of Blockchain

and AI, ensuring these technologies evolve as transparent, ecient,

and socially responsible tools.

A senior researcher and Postgraduate supervisor at North-West

University. An experienced engineer, teacher, research professional

and manager with more than 25 years of experience in the ICT industry.

Godwin Mandinyenya

Vusimuzi Malele

G. Mandinyenya, and Vusimuzi Malele,

“A Blockchain-based Identity Management Solution for Secure Personal Data Sharing in Africa: A Systematic

Literature Review",

Latin-American Journal of Computing (LAJC), vol. 12, no. 2, 2025.