Everything you post publicly on Bluesky, including your profile, likes, who you follow, and who you block, is distributed across a decentralized network and visible to anyone, including third-party servers that may store copies.
This analysis describes what Bluesky's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Because Bluesky runs on the AT Protocol, public content is not just visible on Bluesky's own servers but can be replicated by any third-party node on the network, which means a deletion request submitted to Bluesky may not remove content from all third-party servers that have already copied it.
Interpretive note: The practical scope of deletion rights in the context of AT Protocol's decentralized architecture is not fully addressed in the document; the extent to which Bluesky can compel removal from independent third-party nodes is uncertain.
Users who delete posts or close their account may find that copies of their public content persist on third-party AT Protocol servers outside Bluesky's control, limiting the practical effectiveness of data deletion rights.
Cross-platform context
See how other platforms handle Public Posts and Decentralized Network Distribution and similar clauses.
Compare across platforms →Monitoring
Bluesky has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Your Posts and Public Profile. Bluesky is a decentralized microblogging service where most user activity is public by design. This includes your posts, profile, likes, following, and blocks. Your Posts. The Bluesky App is a microblogging service that lets you post content and comment on other users' posts. We collect your posts. Your posts and comments are public, so exercise care when deciding what to share.— Excerpt from Bluesky's Bluesky Privacy Policy
(1) REGULATORY LANDSCAPE: The decentralized distribution of public content creates a tension with GDPR Article 17 (right to erasure) and equivalent provisions under UK GDPR, Brazil's LGPD, and CCPA deletion rights. If Bluesky cannot ensure deletion of data held by independent third-party nodes, the policy's deletion rights may be partially unenforceable in practice. Relevant supervisory authorities include EU Data Protection Authorities and the UK ICO. (2) GOVERNANCE EXPOSURE: High. The inability to guarantee deletion of content replicated across independent federated nodes is a structural limitation of the AT Protocol architecture that may create recurring data subject rights compliance challenges. The document does not explicitly address this limitation, which may itself be a transparency gap under GDPR Article 13/14. (3) JURISDICTION FLAGS: EU and UK users exercising deletion rights face the highest exposure given GDPR and UK GDPR Article 17 obligations. California users exercising CCPA deletion rights may encounter similar limitations. Any jurisdiction with a statutory right to erasure is affected. (4) CONTRACT AND VENDOR IMPLICATIONS: Third-party AT Protocol node operators are not Bluesky vendors in the traditional sense and may not be bound by Bluesky's data processing agreements. Legal teams should assess whether Bluesky has any contractual mechanism to request content removal from independent nodes and what representations, if any, can be made to data subjects about deletion scope. (5) COMPLIANCE CONSIDERATIONS: Bluesky should consider explicit disclosure to users at the point of posting and in the policy that public content distributed via AT Protocol may persist on third-party servers beyond Bluesky's control even after deletion. Data mapping exercises should document the federated distribution pathway as a distinct processing activity. Deletion request workflows should include user-facing communication about the scope and limitations of deletion in a decentralized environment.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Because Bluesky runs on the AT Protocol, public content is not just visible on Bluesky's own servers but can be replicated by any third-party node on the network, which means a deletion request submitted to Bluesky may not remove content from all third-party servers that have already copied it.
Users who delete posts or close their account may find that copies of their public content persist on third-party AT Protocol servers outside Bluesky's control, limiting the practical effectiveness of data deletion rights.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Bluesky.