[yjftsjthsd-h]

> If it's the user's data, then under GDPR the other site is obligated to provide a way for them to download/transfer it, specifically with this use case in mind.

In Europe, if the company is actually following the law, in theory yes.

> They are completely in the right to block you though, you're not the owner of that data, you might be breaking their TOS.

IANAL, but AIUI that's definitely not true in the United States and I suspect similar ideas hold elsewhere: https://en.wikipedia.org/wiki/HiQ_Labs_v._LinkedIn

[Klonoar]

There are a litany of posts on this very site that detail why HiQ vs LinkedIn is more nuanced than you're making it out to be. HiQ didn't ultimately have the slam dunk win that people think they did.