|
|
|
|
|
|
by etiennebausson
257 days ago
|
|
|
The companies in question could have a flag in every user data to confirm they are over the age limit. At worse keep the birth date, since various aspect of a service can be available depending on age (and user can change locality / country, and therefore be subject to different law). If you keep on top of it, you have at most 3 days of user's "ongoing verification" sensible data available for theft. Keeping more than that will always be an invitation to bad actors. |
|
|
If they only store a boolean or a birthday then they can't show how they verified the data.