Don’t get me wrong, I’m all for privacy. But between setting up the birthdate when creating my children’s local account on their computers, and having to send a copy of their ID to every platform under the sun, I’d easily chose the former.
I’d even agree to a simple protocol (HTTP X-Over-18 / X-Over-21 headers?) to that.
The effort from a Linux team here would amount to little more than a “are you 18 yes/no” and there’s no way that would be considered good enough down the line if not now.
Yet, with the way the California bill is written, so long as that data was collected at account creation, it would be adaquate.
Sure. For now. But in any case, aren’t they legally viable if someone complains?
That’s one bit that I do think could do with clarifying. As written resposibility seems to be split between the developer and the controller. From the rest of the bill, it seems like the developer is in the clear if the system functions, and it’s down to the computer controller to ensure users are correctly set up.