wow, quite a nuanced analysis. thanks for doing this research and writing it up! i’ve linked to this from the GDPR section of Bridgy’s docs.
from a strictly legal GDRP compliance perspective, we (including a lawyer) still tentatively concluded that Bridgy may be exempt from much or all of the GDPR because it’s non-commercial, it only handles fully public data, and that data is generally only sent to personal web sites. details..
the ethics, of course, are an entirely separate question. i myself haven’t addressed them at all yet, but you have thoughtfully and deeply here. thank you for your perspective!