Of course, it's not really practical to require businesses to comply with billions of people's individually created privacy policies. But it also isn't realistic to expect individuals to spend more than 200 hours per year to read the dozens of different privacy policies relevant to them.
That doesn't mean we can't give individuals more power over privacy.
This raises another what-if...
If there's one thing software is good at, it's comparing apples with apples. Forget elaborate AIs and natural language processing.
Standardising privacy policies turns them from 'wet code' into 'dry code'. It makes them machine-readable.
Machine-readable things can interact with other machine-readable things.
We could plug privacy 'settings' for individuals into businesses' privacy policies. If businesses had to fill in an electronic form explaining who they share information with, you could fill in a mirror-image form, choosing the businesses you don't want to share info with - e.g. a business that has just had a massive data breach.
Imagine if your browser told you whenever an online provider's privacy 'settings' didn't match your personal privacy 'settings'.