Don’t get me wrong, I’m all for privacy. But between setting up the birthdate when creating my children’s local account on their computers, and having to send a copy of their ID to every platform under the sun, I’d easily chose the former.
I’d even agree to a simple protocol (HTTP X-Over-18 / X-Over-21 headers?) to that.
It’s not just a privacy issue. Regulatory capture is a problem too. It encumbers small services to the point where they can’t afford to exist, and the only winners are the walled gardens. And it’s also logistically an impossible thing to attempt to regulate at scale.
That isn’t a problem with proper implementation. Not that it will be done properly, just that it can be done properly