Perhaps these ideas have already been discussed somewhere, but I think there are some things beyond the basic laws mentioned that could further protect anonymity:
  • Information given directly to the other party must not be permanently associated with the user.
  • Identity issuers must not retain permanent records of uses of information permanently associated with the user.
For example, my address is personal information and tells where I physically reside. This information should be distributed only minimally. For example, someone needs to know it to deliver packages to my residence, but the other party to the transaction doesn't need to know this. Instead, a temporary delivery location token could be assigned by an identity issuer, and the identity issuer could tell the deliverer what the physical location is.

There would be nothing technologically preventing the delivery company from retaining these records (linking tokens with addresses, for example). I don't know if there's any good solution to that.
 
Temporary email addresses would be much more easily achievable with current technology than temporary addresses. Keeping the physical address private would take much more effort, but it also seems to have a bigger payoff in that this information is more sensitive.

This is just a start on how (permanent) identifying information can be limited in its distribution. I'm sure much more could be said here.
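
Added example, not part of the original comment: a minimal sketch of the delivery-token idea described above, in which the merchant stores only a token and the issuer releases the address once to the carrier the token was bound to, keeping no record afterwards. The class `DeliveryTokenIssuer`, its methods, the carrier names and the address are hypothetical; carrier authentication is assumed to happen elsewhere, and nothing here stops a carrier from keeping the address it receives.

```python
import secrets
import time

class DeliveryTokenIssuer:
    """Hypothetical identity issuer mapping short-lived tokens to addresses."""

    def __init__(self, ttl_seconds=3 * 24 * 3600, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock
        self._live = {}  # token -> (address, carrier, expires_at); only state kept

    def issue(self, address, carrier):
        """The user requests a token bound to one carrier."""
        token = secrets.token_urlsafe(16)  # random, so it reveals nothing about the address
        self._live[token] = (address, carrier, self._clock() + self._ttl)
        return token

    def resolve(self, token, carrier):
        """The carrier redeems a token once; returns the address or None."""
        entry = self._live.get(token)
        if entry is None:
            return None
        address, bound_carrier, expires_at = entry
        if self._clock() >= expires_at:
            del self._live[token]
            return None
        if carrier != bound_carrier:  # assumption: carrier identity was authenticated upstream
            return None
        del self._live[token]  # single use: the issuer retains no record of the use
        return address

    def purge_expired(self):
        """Drop unredeemed tokens past their lifetime; returns how many remain."""
        now = self._clock()
        for token in [t for t, e in self._live.items() if now >= e[2]]:
            del self._live[token]
        return len(self._live)

def demo():
    now = [1000.0]  # constructed clock so expiry can be shown without waiting
    issuer = DeliveryTokenIssuer(ttl_seconds=60, clock=lambda: now[0])
    token = issuer.issue("12 Example Lane, Sampletown", carrier="carrier-a")
    order = {"item": "book", "ship_to": token}  # all the merchant ever stores
    wrong = issuer.resolve(order["ship_to"], "carrier-b")
    first = issuer.resolve(order["ship_to"], "carrier-a")
    second = issuer.resolve(order["ship_to"], "carrier-a")
    stale = issuer.issue("12 Example Lane, Sampletown", carrier="carrier-a")
    now[0] += 61
    expired = issuer.resolve(stale, "carrier-a")
    return order, wrong, first, second, expired, issuer.purge_expired()
```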