This plan sounds like a billion dollars will go to a consulting firm to try to build a system that does a magic 1-click opt out. But it will be extremely difficult to accommodate all the edge cases that come with integrating 500+ varying sources of varying levels of quality of personal data. The legal system alone has the power to change enforcement, any thoughts on why they aren't focusing there?