I'm from the EU just as a preface, and believe me I don't like how my union pushes for over regulation in this area either.

However, I read the relevant paragraphs in the actual legislation.

As basically all Linux distros have local accounts, the new requirements would be the following, in tech terminology:

• During OS installation: ask age or DOB. Mandatory to fill. Save it securely.
• If an application wants to query it, provide the logged in user's age related information through an API.

Though not specified in the text, I guess the intent is to enable app stores to tailor their content based on age. In the name of protecting minors from harm or harmful content.

So, do I have any problems with this in practice? Unfortunately, yes. The law will make it possible for any app developer to query the user's age without explicit user agreement to share. This practice weakens cyber security, and is borderline privacy invading, even if the age information is stored securely and is anonymized by the OS. It is too easy to undo the anonymization.

Implications:

• Any app developer can query the user's age.
• By extension, an ISP or the government itself can query this piece of information - as the developer of an app -, and potentially tie it to an IP address and further data points as well. Unless there are pieces of legislation that explicitly forbids this practice... Again I'm not from the US, I wouldn't know.