Sounds similar to OpenId connect for authentication, service requests scopes which pulls varying info and user can be shown a consent screen with what data is being requested for approval.
I’d like a similar model for data sharing, though you will need privacy laws since you can revoke access in this case, but currently there would be nothing preventing storing your data at the time elsewhere or sharing it.
Fines would have to be something crazy like Tik Tok ban $5000 per user type of deal