Systems and methods for data access control of personal user data using a short-range transceiver

What is claimed is: 1. A method for controlling data access, comprising: receiving, from a first client device via a network, a user token, a service provider token, and a request for a data access key to decrypt encrypted personal user data stored on a contactless card associated with a user; identifying a service provider based on the service provider token; identifying the user based on the user token; verifying that the service provider is authorized to receive access to personal user data stored on the contactless card; retrieving a user key associated with the user and a first service provider key associated with the service provider from a database; generating the data access key based on the user key and the first service provider key; and transmitting the data access key to the first client device, wherein the request for the data access key is generated in response to a tap action between the contactless card and the first client device. 2. The method of claim 1 , wherein the encrypted personal user data is encrypted using the user key. 3. The method of claim 1 , wherein the database stores a user identifier associated with the user and a service provider identifier associated with the service provider. 4. The method of claim 3 , wherein the first service provider key is valid for a limited period of time. 5. The method of claim 1 , further comprising receiving, from a second client device via the network, a second service provider key, wherein the data access key is generated based on the user key, the first service provider key, and the second service provider key. 6. The method of claim 5 , wherein the second service provider key is transmitted by the second client device in response to a tap action between the contactless card and the second client device. 7. The method of claim 1 , wherein the user token comprises the user key, further comprising authenticating the user based on the user key. 8. The method of claim 1 , wherein the service provider token comprises the service provider key, further comprising authenticating the service provider based on the first service provider key. 9. The method of claim 1 , further comprising identifying the service provider as the sender of the request for the data access key based on the service provider token. 10. A data access control system, comprising: a server comprising a processor and a memory, the server in data communication with a database and a client device; and a contactless card associated with a user, the contactless card comprising a processor, a memory, and a communications interface, the memory of the contactless card storing a user token and encrypted personal user data associated with the user, wherein the server is configured to: receive, from the client device via a network, the user token, a service provider token, and a request for a data access key to decrypt the encrypted personal user data, identify the user based on the user token, verify the service provider is authorized to receive access to the personal user data, retrieve a user key and a service provider key from the database, generate the data access key based on the user key and the service provider key, and transmit the data access key to the client device, wherein the request for the data access key is generated in response to a tap action between the contactless card and the client device. 11. The data access control system of claim 10 , wherein the memory of the contactless card further stores basic user data associated with the user, the basic user data encrypted with a basic service provider key. 12. The data access control system of claim 11 , wherein the server is further configured to identify the service provider based on the service provider token. 13. The data access control system of claim 11 , wherein the basic service provider key is valid only for a predetermined period of time. 14. The data access control system of claim 13 , wherein the database stores a user identifier associated with the user, a service provider identifier associated with the service provider, the service provider key associated with the service provider, and the basic service provider key associated with the service provider. 15. The data access control system of claim 11 , wherein the server is further configured to: receive a request for the basic service provider key, verify that the service provider is authorized to receive the basic service provider key, and transmit, to the client device, the basic service provider key. 16. The data access control system of claim 12 , wherein the request for the basic service provider key is independent of the tap action between the contactless card and the client device. 17. The data access control system of claim 11 , wherein the server is further configured to log each transmission of the basic service provider key. 18. A data access control server, comprising: a processor; and a memory, wherein the processor is in data communication with a database and a first client device, and wherein, in response to receipt of a user token, a service provider token, and a request for a data access key to decrypt encrypted personal user data stored on a contactless card associated with a user, the processor is configured to: identify the user based on the user token, verify the service provider is authorized to receive access to the personal user data, retrieve a user key and a service provider key from the database, generate the data access key based on the user key and the service provider key, and transmit the data access key to the first client device, wherein the request for the data access key is generated in response to a tap action between the contactless card and the first client device. 19. The data access control server of claim 18 , wherein: the processor is further configured to receive a service provider token, and the service provider key is valid only for a predetermined period of time. 20. The data access control server of claim 18 , wherein the service provider comprises at least one selected from the group of a first responder and emergency health care provider.