Thanks Tim, you are welcome. It's worth remembering though that there are currently numerous different interpretations floating around for some of the terms and definitions involved and it would not surprise me if i phoned the ICO again tomorrow and got a different answer - overall it is a bit of a mess.
As far as the witness issue goes, with the question of who is the 'data controller', I can also possibly imagine a situation where it is claimed that because the witnesses ultimately choose whether or not to adopt a particular hard fork that they somehow collectively become a kind of group of data controllers who share responsibility. It might be one of the most complicated version of modelling a system for GDRP, but a particularly adventurous government worker might want a challenge and decide to push that through.. I'm not sure if that's possible or not.
In any case, we might not know there is an issue until someone tries to launch a court case against.. someone. I am guessing that no witness has ever received a legal notice for anything so far - is that right, to your knowledge? I'm not sure if Steemit inc. would make it public if they had done.
Steemit receives DMCA takedown requests for content hosted on the site, but afaik nobody has filed any cases against witnesses or node operators yet.
Yes, ok - I see the blacklisted posts in Github for Condenser sometimes. Maybe the complexity of the situation puts off some people - it's an interestingly and refreshingly weird situation ;)