There's a few practical problems with creating that kind of legislation though.
How do you decide who has to comply with it?
Every time I build a website that collects any data from users at all, do I have to also create an API for accessing that data?
Bigger companies such as FB and Google would most likely just move stuff offshore to get around this anyway.
It doesn't necessarily need to be a full API. How about a database dump, or even a .csv? Just some way to get the data out of one system and into another.
That's still a bunch of extra work for a small program, considering you have to worry about security and data protection. Making sure that you don't leak anybody elses data.
How do you decide who has to comply with it? Every time I build a website that collects any data from users at all, do I have to also create an API for accessing that data?
Bigger companies such as FB and Google would most likely just move stuff offshore to get around this anyway.