Social media data presents AI researchers with overlapping obligations under the GDPR, copyright law, and platform terms -- yet existing frameworks fail to integrate these regulatory domains, leaving researchers without unified guidance. We introduce PETLP (Privacy-by-design Extract, Transform, Load, and Present), a compliance framework that embeds legal safeguards directly into extended ETL pipelines. Central to PETLP is treating Data Protection Impact Assessments as living documents that evolve from pre-registration through dissemination. Through systematic Reddit analysis, we demonstrate how extraction rights fundamentally differ between qualifying research organisations (who can invoke DSM Article 3 to override platform restrictions) and commercial entities (bound by terms of service), whilst GDPR obligations apply universally. We demonstrate why true anonymisation remains unachievable for social media data and expose the legal gap between permitted dataset creation and uncertain model distribution. By structuring compliance decisions into practical workflows and simplifying institutional data management plans, PETLP enables researchers to navigate regulatory complexity with confidence, bridging the gap between legal requirements and research practice.

翻译：社交媒体数据使AI研究者同时面临GDPR、版权法及平台条款的多重合规义务，然而现有框架未能整合这些监管领域，导致研究者缺乏统一指导。本文提出PETLP（隐私优先设计的提取、转换、加载与呈现框架），该合规框架将法律保障措施直接嵌入扩展的ETL流程。PETLP的核心在于将数据保护影响评估视为动态文件，使其从预注册阶段持续演进至成果传播阶段。通过对Reddit数据的系统分析，我们论证了合格研究机构（可援引《数字单一市场指令》第3条突破平台限制）与商业实体（受服务条款约束）在数据提取权利上的本质差异，同时阐明GDPR义务的普适性。我们论证了社交媒体数据难以实现真正匿名化的原因，并揭示了数据集创建许可与模型分发不确定性之间的法律空白。通过将合规决策转化为可操作的工作流并简化机构数据管理方案，PETLP使研究者能够从容应对监管复杂性，弥合法律要求与研究实践之间的鸿沟。