from a strictly legal GDRP compliance perspective, we (including a lawyer) still tentatively concluded that Bridgy may be exempt from much or all of the GDPR because it’s non-commercial, it only handles fully public data, and that data is generally only sent to personal web sites. details..
the ethics, of course, are an entirely separate question. i myself haven’t addressed them at all yet, but you have thoughtfully and deeply here. thank you for your perspective!