> Should the "purchased" software and media be within the data export scope?
I presume most of this is licensed, so no
> Does your regulation imply government id registration for all internet services?
No
> How should the service identify the person asking for data export?
Username, password, pin, MFA, security questions. Anything already in use for identification
> Does your regulation imply government id registration for all internet services?
No
> What if the service is e2ee?
Then the encrypted data is provided
> How do they deliver "human readable file formats"?
It can still become human readable if the user took proper care of their private key
> Are we also banning e2ee?
No
> What do compliance requirements imply for people's ability to start competing services?
If your service can't provide reliable access to backups then presumably you will already not do well competing in any market where user data is valuable. That should be at the forefront of the service model. Unless you don't care about interoperability like Apple
> You are proposing to replace a very tiny bit of personal responsibility (having backups) with a very intrusive, and highly consequential, legal mechanism.
Not really. If export functionality isn't already built out then it should be
I presume most of this is licensed, so no
> Does your regulation imply government id registration for all internet services?
No
> How should the service identify the person asking for data export?
Username, password, pin, MFA, security questions. Anything already in use for identification
> Does your regulation imply government id registration for all internet services?
No
> What if the service is e2ee?
Then the encrypted data is provided
> How do they deliver "human readable file formats"?
It can still become human readable if the user took proper care of their private key
> Are we also banning e2ee?
No
> What do compliance requirements imply for people's ability to start competing services?
If your service can't provide reliable access to backups then presumably you will already not do well competing in any market where user data is valuable. That should be at the forefront of the service model. Unless you don't care about interoperability like Apple
> You are proposing to replace a very tiny bit of personal responsibility (having backups) with a very intrusive, and highly consequential, legal mechanism.
Not really. If export functionality isn't already built out then it should be