Bluesky — Regulatory Order
Executive Summary
Bluesky's most significant policy overhaul since launch: the Privacy Policy and Copyright Policy were fully rewritten to comply with the EU Digital Services Act (DSA), UK Online Safety Act (OSA), US TAKE IT DOWN Act, and GDPR. Key changes included enhanced data subject rights disclosures, documentation of safeguards for international data transfers outside the EU/UK, strengthened clarity on deletion limitations inherent in the decentralized AT Protocol architecture, and jurisdiction-specific provisions.
What Happened
On September 15, 2025, Bluesky implemented a comprehensive rewrite of its Privacy Policy and Copyright Policy to comply with multiple regulations including the EU Digital Services Act, UK Online Safety Act, US TAKE IT DOWN Act, and GDPR. The updated Privacy Policy enhanced disclosures around data subject rights, documented safeguards for international data transfers outside the EU and UK, and clarified deletion limitations inherent in the decentralized AT Protocol architecture. The policy updates also included jurisdiction-specific provisions to address the varying legal requirements across different regions.
Who Is Affected
All Bluesky users globally are affected by the policy changes, with specific enhanced protections and disclosures added for users in the European Economic Area and United Kingdom. Users in jurisdictions covered by the Digital Services Act, Online Safety Act, and GDPR receive additional privacy rights documentation and international data transfer safeguards. The changes also impact how user data deletion requests are handled due to the technical constraints of the AT Protocol's decentralized architecture.
Why It Matters
This represents Bluesky's most significant policy overhaul since its launch and demonstrates how emerging social platforms must navigate an increasingly complex global regulatory environment. The updates highlight the tension between decentralized network architecture and traditional privacy rights like data deletion, making explicit the technical limitations users face when requesting complete data removal. The simultaneous compliance with multiple major regulatory frameworks sets a precedent for how federated social networks adapt their privacy practices to meet divergent legal requirements across jurisdictions.
What You Should Do
Review the updated Privacy Policy effective September 15, 2025, available on Bluesky's Support Page to understand how your data is handled under the new framework. Pay particular attention to the sections on international data transfers if you are in the EU or UK, and review the deletion limitations section to understand what data may persist in the AT Protocol network even after account deletion. Update your Personal Data directly in the Bluesky App or on the Site to ensure Bluesky's records remain accurate under the new policy requirements.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.