This seems completely unworkable but it’s a novel idea for managing access to personal data. Establishing a 3rd party entity to deal with the complexity might make sense.