This analysis describes what Bluesky's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The adequacy of SCCs as a transfer mechanism has been challenged post-Schrems II, and users in the EU, UK, Switzerland, and Brazil should be aware their data may be stored and processed in the United States or other jurisdictions with different privacy protections.
Bluesky collects a broad range of personal data including IP addresses, device identifiers, in-app browsing behavior, and direct messages that are explicitly described as unencrypted and accessible for internal Trust and Safety purposes. Public activity including posts, likes, follows, and blocks is distributed across the AT Protocol decentralized network, meaning third-party servers outside Bluesky's direct control may host copies of that content, which has practical implications for deletion requests. You can request access to, correction of, or deletion of your personal data by emailing privacy@bsky.app.
How other platforms handle this
If you are located in the European Economic Area, the United Kingdom, or Switzerland, please be aware that we may transfer your personal information to countries outside of these regions, including to the United States, where data protection laws may not provide the same level of protection as those...
Where Zendesk transfers personal data outside of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses approved by the European Commission, to ensure that your personal data receives an adequate level of pro...
Pinterest, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. When we transfer your personal data from the EEA, Switzerland, or the UK to...
Monitoring
Bluesky has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If we transfer personal information from the European Economic Area, Switzerland, Brazil and/or the United Kingdom to a country that does not provide an adequate level of protection under applicable data protection laws, we will do so (i) using appropriate safeguards; (ii) based on safeguards like the European Commission-approved, UK Government-approved, or Brazil's Data Protection Authority Standard Contractual Clauses or Addenda; or (iii) otherwise in accordance with applicable data protection laws.— Excerpt from Bluesky's Bluesky Privacy Policy
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The adequacy of SCCs as a transfer mechanism has been challenged post-Schrems II, and users in the EU, UK, Switzerland, and Brazil should be aware their data may be stored and processed in the United States or other jurisdictions with different privacy protections.
ConductAtlas has identified this type of provision across 12 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Bluesky.