> And the only way to prove that you checked is to keep the data indefinitely.
This is a false premise already; the company can check the age (or have a third party like iDIN [0] do it), then set a marker "this person is 18+" and "we verified it using this method at this date". That should be enough.
And how do they prove to me they (and no 3rd party providers) aren't actually storing the data? I simply don't trust companies telling me they won't store something, so to me the only acceptable option is the data to never leave my device.
If third party does verification with ZKP, you only need to trust that third party. The company that requires verification will not have any data to store.
Nope, as the article notes, it is actually almost never enough because it does not stand up to legal scrutiny. And for good reason: there's no way to conclusively prove that the platform actually verified the user's age, as opposed to simply saying they did, before letting them in.
This is a false premise already; the company can check the age (or have a third party like iDIN [0] do it), then set a marker "this person is 18+" and "we verified it using this method at this date". That should be enough.
[0] https://www.idin.nl/en/