[dragonwriter]

The law prohibits people under 18 from being account holders without parental permission, but also requires “reasonable age verification” of all accountholders.

Being a minor and having parental permission does not bypass the age verification requirement (in fact, that’s how the platform identifies minors), which is what government ID is enumerated as a means to satisfy.

But, from a data security and privacy perspective its worse, because it maximizes initial distribution of PII by explicitly requiring use of a third-party vendor for age verification of all account holders, so you can’t limit use of platforms to vendors you trust, because they have to outsource age verification.

On the PII side, on the other hand, in what seems clearly to be a drafting error, as written, the law does not allow a social media company to retain “any identifying information of the individual” once access has been granted to the service, which... would be tricky to comply with.