The architecture of cloud-based services is typically opaque and intricate. As a result, data subjects cannot exercise adequate control over their personal data, and overwhelmed data protection authorities must spend their limited resources in costly forensic efforts to ascertain instances of non-compliance. To address these data protection challenges, a group of computer scientists and socio-legal scholars joined forces in the Privacy-Aware Cloud Ecosystems (PACE) project to design a blockchain-based privacy-enhancing technology (PET). This article presents the fruits of this collaboration, highlighting the capabilities and limits of our PET, as well as the challenges we encountered during our interdisciplinary endeavour. In particular, we explore the barriers to interdisciplinary collaboration between law and computer science that we faced, and how these two fields’ different expectations as to what technology can do for data protection law compliance had an impact on the project's development and outcome. We also explore the overstated promises of techno-regulation, and the practical and legal challenges that militate against the implementation of our PET: most industry players have no incentive to deploy it, the transaction costs of running it make it prohibitively expensive, and there are significant clashes between the blockchain's decentralised architecture and GDPR's requirements that hinder its deployability. We share the insights and lessons we learned from our efforts to overcome these challenges, hoping to inform other interdisciplinary projects that are increasingly important to shape a data ecosystem that promotes the protection of our personal data.

基于云的服务的架构通常是不透明且复杂的。因此，数据主体无法对其个人数据进行充分的控制，而不堪重负的数据保护机构必须将其有限的资源用于成本高昂的取证工作，以确定违规情况。为了应对这些数据保护挑战，一群计算机科学家和社会法律学者联手隐私感知云生态系统（PACE）项目，设计了基于区块链的隐私增强技术（PET）。本文介绍了这次合作的成果，强调了我们 PET 的能力和局限性，以及我们在跨学科努力中遇到的挑战。特别是，我们探讨了法律和计算机科学之间跨学科合作所面临的障碍，以及这两个领域对技术如何促进数据保护法合规性的不同期望如何影响项目的发展和结果。我们还探讨了技术监管的夸大承诺，以及阻碍 PET 实施的实际和法律挑战：大多数行业参与者没有动力部署它，运行它的交易成本使其极其昂贵，而且存在区块链的去中心化架构与 GDPR 的要求之间存在重大冲突，阻碍了其可部署性。我们分享从克服这些挑战的努力中汲取的见解和经验教训，希望为其他跨学科项目提供信息，这些项目对于塑造促进保护我们个人数据的数据生态系统越来越重要。