Everything you post publicly on Bluesky, including your profile, likes, who you follow, and who you block, is distributed across a decentralized network and visible to anyone, including third-party servers that may store copies.
This analysis describes what Bluesky's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Because Bluesky runs on the AT Protocol, public content is not just visible on Bluesky's own servers but can be replicated by any third-party node on the network, which means a deletion request submitted to Bluesky may not remove content from all third-party servers that have already copied it.
Interpretive note: The practical scope of deletion rights in the context of AT Protocol's decentralized architecture is not fully addressed in the document; the extent to which Bluesky can compel removal from independent third-party nodes is uncertain.
Users who delete posts or close their account may find that copies of their public content persist on third-party AT Protocol servers outside Bluesky's control, limiting the practical effectiveness of data deletion rights.
How other platforms handle this
Redfin may offer interactive features such as chat services, forums, and social media pages. We may collect the information you submit or make available through these features. Any content you provide on the public sections of these channels will be considered "public" and will not be subject to the...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Bluesky has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Your Posts and Public Profile. Bluesky is a decentralized microblogging service where most user activity is public by design. This includes your posts, profile, likes, following, and blocks. Your Posts. The Bluesky App is a microblogging service that lets you post content and comment on other users' posts. We collect your posts. Your posts and comments are public, so exercise care when deciding what to share.— Excerpt from Bluesky's Bluesky Privacy Policy
(1) REGULATORY LANDSCAPE: The decentralized distribution of public content creates a tension with GDPR Article 17 (right to erasure) and equivalent provisions under UK GDPR, Brazil's LGPD, and CCPA deletion rights. If Bluesky cannot ensure deletion of data held by independent third-party nodes, the policy's deletion rights may be partially unenforceable in practice. Relevant supervisory authorities include EU Data Protection Authorities and the UK ICO. (2) GOVERNANCE EXPOSURE: High. The inability to guarantee deletion of content replicated across independent federated nodes is a structural limitation of the AT Protocol architecture that may create recurring data subject rights compliance challenges. The document does not explicitly address this limitation, which may itself be a transparency gap under GDPR Article 13/14. (3) JURISDICTION FLAGS: EU and UK users exercising deletion rights face the highest exposure given GDPR and UK GDPR Article 17 obligations. California users exercising CCPA deletion rights may encounter similar limitations. Any jurisdiction with a statutory right to erasure is affected. (4) CONTRACT AND VENDOR IMPLICATIONS: Third-party AT Protocol node operators are not Bluesky vendors in the traditional sense and may not be bound by Bluesky's data processing agreements. Legal teams should assess whether Bluesky has any contractual mechanism to request content removal from independent nodes and what representations, if any, can be made to data subjects about deletion scope. (5) COMPLIANCE CONSIDERATIONS: Bluesky should consider explicit disclosure to users at the point of posting and in the policy that public content distributed via AT Protocol may persist on third-party servers beyond Bluesky's control even after deletion. Data mapping exercises should document the federated distribution pathway as a distinct processing activity. Deletion request workflows should include user-facing communication about the scope and limitations of deletion in a decentralized environment.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Because Bluesky runs on the AT Protocol, public content is not just visible on Bluesky's own servers but can be replicated by any third-party node on the network, which means a deletion request submitted to Bluesky may not remove content from all third-party servers that have already copied it.
Users who delete posts or close their account may find that copies of their public content persist on third-party AT Protocol servers outside Bluesky's control, limiting the practical effectiveness of data deletion rights.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Bluesky.