![[Logo]](/assets/fediforum.svg)
Utah Interoperability Law / Global Interoperability Law Opportunities
/2025-10/session/2-a/
Topics:
Convener: Johannes Ernst (https://j12t.org), BjornW (@bjornw@mastodon.social)
Participants who chose to record their names here:
- Jeremiah Lee (@Jeremiah@alpaca.gold)
- Saskia Welch (@saskia@newsmast.social)
- @chewie@mammut.gogreenit.net)
- Jesse Karmani (@jesseplusplus@mastodon.social)
- @ozoned@social.ozoned.net)
Website: White paper: Impact of the Digital Choice Act on Social Media Services
Notes
- Bjorn: Wanting to discuss: How can we use these laws to advance the social web specifically over dominant platforms?
- Jeremiah in chat: I believe the EU passed GPDR primarily for economic reasons more than human right to privacy reasons.
- Johannes presenting some of the important points in the White Paper.
- Utah law passed to take effect July 1, 2026: Digital Choice Act. Requires:
- 1: Data portability: move account and all data without avoidable loss of data or connections
- 2: Ability for users on one social media service to interact with users of another service
- 3: Ability to use more than one service at the same time, personal data synchronization
- NY and VT considering similar laws.
- “Social media service” = all websites and apps whose main content is user contributed and that people can interact with. Could cover far more than just the typical understanding of “social media” app.
- No size limit. Anything that has free sign up.
- Commercial or service using open source software.
- Law requires export, not import. A social media service cannot be forced to host content it does not want.
- Jeremiah in chat: I would love for Mastodon to simply comply for itself: importing its own data exports.
- A service might be required to allow people to be followed, even if they don’t allow their users to follow people on another platform.
- Challenge: today’s data exports are often insufficient: a tool cannot reconstitute the social graph.
- Does not prescribe protocols or standards that should be use. Just to be “technically possible”. Patent-free, well documented.
- Possible interpretation of #3: requirement to allow for third-party UIs.
- Stategic options for operators:
- Option: Fight the law: probably won’t work long term if other states considering similar requirements. Few (no?) examples of privacy laws being reversed so far. What will the market look like if you delay complying and competitors just build?
- Related: Implement the letter of the law, while undermining its spirit. “Malicious compliance”.
- Option: Leverage openness and interoperability. 2 levels: sufficient base level implementation or leading lean-in implementation.
- Option: Fight the law: probably won’t work long term if other states considering similar requirements. Few (no?) examples of privacy laws being reversed so far. What will the market look like if you delay complying and competitors just build?
- Jeremiah:
- EU DMA challenge of private messaging interoperability. Without specificying method of compliance leads to situation of which which entity is required to do the work when they can’t agree on a shared protocol.
- Johannes: No set of standards meet all requirements and probably shouldn’t be legally defined. Some day there may be an official list of standards considered to be meeting the requirements.
- Another example of EU PSD2 for bank payments: required banks to have APIs for a specific capability, but didn’t specifiy the interface. Result is the capability, but reality of needing to implement many bespoke API integrations. Next version of PSD will define API interface for interoperability. Gradual refinement of requirements worked well. US had standards for public company financial
- Björn: Mistake of GDPR was no limit of scale and some of the requirements are burdensome to tiny entities instead of scaling requirement. EU learned and fixed this with DMA, DSA by listing companies as gatekeepers. Utah might be making the same mistake.
- Johannes: Project Liberty lobbying in UT, NY, VT. They do a good job of getting politician support.
- Björn: EU tech regulation might be softened due to US trade threats. Laws not weakened, but enforcement might be. Gatekeeper companies, as defined by EU Commission according to DMA, good at weaseling out of the requirements.
- Johannes: EU needs to know about Utah. Hard to argue something is a trade barrier if the same requirements in a US state.
- Björn: What are the ways to embrace these requirements to differentiate as a carrot?
- Johannes: Who in the EU to talk to about this so that Utah could collaborate?
- Jeremiah: European Commission is responsible for gatekeeper identification and enforcement. European Parliament is the primary author of regulation. DMA is smart because it gives desired outcomes, not prescriptive requirements. This gives the EU Commission the ability to respond to malicious compliance.
- Ozoned: US political situation a challenge in general to any progress being made on issues people actually want.
- Johannes: Not clear that there is a US presidential objection to interoperability.
- Johannes: What we can do to promote this?
- Getting word out for individuals to support.
- Companies that stand to gain the most from interoperability now have a method for advocating the gain of this competitive advantage. Get the paper in front of commercial social networks. Second-ranking social media companies should want this.
- Ozoned: What about people in fediverse who felt like interoperability with Threads was A Bad Thing?
- Johannes: Personally sees ActivityPub as a better match for the requirements.
- Jeremiah: Need for technical specification to be complete enought o meet the requirements for legislators to be able to feel comfortable mandating. Traction (multiple organizations adopting a standard) is also in favor. AT Protocol is still a Bluesky thing mostly.