alt Hacker NewsWhen I moved from Sweden to Ireland and realized the Swedish central address registry makes moving fantastically easy, I started dreaming of a central registry where consumers and producers could meet. I can give my supplier access to exactly the information they need, and nothing else. I can revoke access when I feel like it. Like OAuth2 for personal data. They can subscribe to updates. It could be a federated protocol.
Not saying I think it's a good idea to provide the year of birth to all sites, but (session ID, year of birth) is the only information they would need. The problem is proving who's behind the keyboard at the time of asking, which would require challenge-response, and is why I think this should be an online platform, not a hardware PKI gadget with keys inevitably tied to individuals.
Knowing what we know about the current environment, each company is going to start selling everything they know about you to anybody who's willing to pay. Enforcing privacy is hard not because it's not possible, but companies have greater financial incentives to just breach your privacy to track and manipulate us.