This is why the EU is going the app route. You load your ID into an app, and can review on-the-fly what data you're sharing (including a simple "older than 18" token to buy liquor). The app also allows keeping a log of who requested what data, so if you find out in hindsight that your grocery store requested your full name illegally, you can report them.

Enforcement chances in the US, maybe outside of California, do seem low, but at least the "we cannot do it" argument is off the table when the EU has a ready-to-deploy suite on Github for anyone to access. If you don't like the EU, the Yivi (previously IRMA) project implements pretty much the same ecosystem, but in a slightly different way.