Tossing this out as I know many here are deep into computer systems and may well have interest or knowledge of the underlying social media (using this in a very broad sense as I think it might go past just FB, Instagram, YouTube, Vimio, Meetups or other settings) technologies.
Status of the thought is "ligh bulb just turned" on but not clear it is really shining a light on anything sensible.
Have not studied the law but from the few news stories I've seen the goal is to require a secure mechanism to all account and data transfers to a new Social Media provider
While I am a big fan of increasing our property rights in our own data (it is very lacking in the online world) I am not sure this law really goes down a good path in that regard. I am also ignoring the entire question of would reducing the costs (to the subscriber) to transfer the account really produce a more competitive landscape or not.
The suggested approach of secure API to transfer still leave all the data and personal information sitting in a common database. That then is a nice target for anyone interested in using the data without the individuals' or the company's permission.
Why not look to establish an industry standard that is based on distributed information sets. Basically the data would reside with the person, and perhaps on a secure, encrypted backup/storage repository. The APIs then would related to allowing that information to be displayed on the SM site, possible retrieved from the external storage rather than the person's laptop.
The API could even define things like retention periods for how long the SM provided could keep the data on their systems before having to delete them and then request an update should someone attempt to access that post.