There is no reason to store these kind of private encrypted data on the blockchain. The blockchain should be used for storing
- Public data, or
- Private data but timestamping is needed
For the case you suggest, users and merchants should digitally sign those receipts and KYC data (with mutually agreed timestamp if needed) and keep it by themselves.
I've actually had this discussion with regulatory/banking types... There's pressure to have the data on the blockchain itself precisely because it forces it to be "sufficiently" public for governments to be happy - many of them want it to be fundamentally impossible to use the blockchain without giving up that information. First step is to be able to know for sure if the data exists.
Obviously pay-to-contract-hash techniques are the sane way to do this stuff... but we don't necessarily have the same goals as regulators do. One of the hard political challenges for people enganging with regulators is convincing them that privacy matters, and any KYC system has to be an add-on, not an inherent part of the system.
Bitcoin is a consensus protocol to determine the validity of some binary data. Fundamentally, it is just a language. It could not be regulated like regulating a company because there is no one to send to jail and nothing to confiscate. The only way to regulate bitcoin is to control >50% of the hashing power (or to regulate bitcoin users, but bitcoin users != bitcoin).
Anyway, if they have some good idea in mind, they can always create it (since they have unlimited resources) and convince people to adopt it.