Its all very interesting bc *technically*, afaik, the blockchain itself doesnt actually keep any information that qualifies as PII under GDPR, sa names or IP addresses.
Will be interesting to see what this means for blockchain surveillance firms.
Discussion
I think a Bitcoin address should be considered PII just like an IP address. With a possible exception if it's been mixed, freshly mined and held, never touched a custodian, etc. Now that would have serious implications for these surveillance companies.
I think the blockchain just isn't a "controller", or any other entity that some sort of obligation. It's only about what people put on it. So an exchange that generates a deposit address for you is now responsible to hold that PII private.