Depending on where you live, you may have rights to access, correct, delete, or export your personal data, and to object to or restrict how Bluesky uses it.
This analysis describes what Bluesky's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights are meaningful tools for users to manage their personal data, but they are qualified by the phrase 'depending on what laws apply,' meaning the rights available to you depend on your jurisdiction and may not be universally available to all Bluesky users.
Interpretive note: The practical scope of deletion rights is uncertain given the AT Protocol's decentralized architecture; the policy does not address the extent to which Bluesky can remove content from third-party network nodes.
Users in the EU, UK, California, Brazil, and other jurisdictions with privacy rights laws can request access to, correction of, or deletion of their personal data from Bluesky by contacting privacy@bsky.app, though the practical scope of deletion rights may be limited by the decentralized AT Protocol architecture.
How other platforms handle this
Depending on where you live, you may have the right to access the personal data we hold about you, to request its correction or deletion, to receive a copy of your data in a portable format, to object to certain processing, and to withdraw consent where processing is based on consent. To exercise yo...
We are committed to maintaining your trust, and while we do not sell your personal information or share your personal information with third parties for purposes of cross-context behavioral advertising where restricted by applicable law, we want you to understand when and with whom we may share the ...
Depending on your location, you may have certain rights with respect to your personal data, including the right to access, correct, delete, or port your data. You may also have the right to object to or restrict certain processing. To exercise these rights, please contact us through our privacy requ...
Monitoring
Bluesky has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Your Privacy Rights. Depending on what laws apply to your Personal Data, you may have the right to: Request Access to and Portability of Your Personal Information, including: (i) obtaining access to or a copy of your personal information; and (ii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine-readable format (also known as the "right of data portability"); Request Correction of your personal information where it is inaccurate, incomplete, or outdated. We may provide self-service tools for you to update your personal information; Request Deletion, Anonymization or Blocking of personal information including when processing is based on your consent, or when processing is unnecessary, excessive or noncompliant (also known as the "right to be forgotten"). Request to Opt-Out of Certain Processing Activities if we engage in certain data processing activities that give you a right of opt-out under applicable privacy laws; Request Restriction of or Object to our processing of your personal information; Withdraw your Consent to our processing of your personal information.— Excerpt from Bluesky's Bluesky Privacy Policy
(1) REGULATORY LANDSCAPE: This provision reflects rights under GDPR Articles 15-22 for EU/EEA users, UK GDPR equivalents, CCPA/CPRA rights for California residents, LGPD rights for Brazilian users, and equivalent provisions under other applicable state privacy laws. The qualification 'depending on what laws apply' is legally accurate but creates a two-tier user rights framework based on jurisdiction. Relevant enforcement authorities include EU national DPAs, the UK ICO, Brazil's ANPD, and California's Privacy Protection Agency. (2) GOVERNANCE EXPOSURE: Medium. The rights are broadly stated and consistent with applicable law, but the interaction between deletion rights and the AT Protocol's decentralized architecture creates a practical enforceability gap that is not addressed in this provision. The document's reliance on 'depending on what laws apply' means users in jurisdictions without strong statutory rights may have limited recourse. (3) JURISDICTION FLAGS: EU and UK users have the most comprehensive statutory rights under GDPR and UK GDPR. California residents have CCPA rights including deletion, portability, and opt-out of sale. Users in states without specific privacy legislation may have limited enforceable rights. The jurisdictional dependency of rights access creates potential for inconsistent user experience. (4) CONTRACT AND VENDOR IMPLICATIONS: Data subject rights workflows must be coordinated across all processors and subprocessors receiving personal data. The policy's statement that Bluesky 'may provide self-service tools' for correction suggests that not all rights are currently exercisable through automated means, which may affect response time compliance under GDPR's one-month obligation. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should maintain a documented data subject rights response process with tracked response times to meet GDPR's one-month deadline. The interaction between deletion requests and AT Protocol distributed data should be documented in user-facing communications and internal procedures. Self-service tools for data correction and portability should be audited for completeness and accessibility.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights are meaningful tools for users to manage their personal data, but they are qualified by the phrase 'depending on what laws apply,' meaning the rights available to you depend on your jurisdiction and may not be universally available to all Bluesky users.
Users in the EU, UK, California, Brazil, and other jurisdictions with privacy rights laws can request access to, correction of, or deletion of their personal data from Bluesky by contacting privacy@bsky.app, though the practical scope of deletion rights may be limited by the decentralized AT Protocol architecture.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Bluesky.