If you thought setting up a new PC was already a little too full of hoops, congratulations, Congress agrees. Their solution is not to remove hoops, streamline anything, or rein in the companies vacuuming up user data. Instead, a new bipartisan bill in the US House wants operating systems themselves to verify your age before you can even finish installation. It’s called the Parents Decide Act, co‑sponsored by Rep. Josh Gottheimer of New Jersey and Rep. Elise Stefanik of New York, and it reads like yet another attempt to outsource the responsibility of online safety to users while letting the companies that actually profit from data collection keep doing what they do best.
At a high level, the bill would require Windows, macOS, Linux, Android, iOS, and basically anything with a boot screen to collect your date of birth during setup. That alone is already a privacy headache, but the bill goes further. It also requires operating system makers to build a mechanism that lets app developers access whatever age‑verification data the OS collects. The language is vague enough that it raises more questions than it answers, and vague legislation is usually where the trouble starts. The bill would allow apps to access “any information as is necessary” to verify age, which is the kind of phrase that tends to balloon in scope once lawyers get involved.
And then there’s the practicality problem. Linux, for example, is famously decentralized. There is no single account system, no unified distribution channel, and no central authority to enforce age checks. The idea that every distro maintainer, from Ubuntu to the one‑person hobby projects, will suddenly implement government‑mandated identity checks is… optimistic. Or maybe the point is to make compliance so difficult that only the biggest players can realistically participate, which would be its own kind of policy failure.
If this all sounds familiar, that’s because California is already rolling out its own version of this idea. The Digital Age Assurance Act will require operating systems sold in the state to collect age information during setup starting next year. It’s the same philosophy: treat age verification as a technical switch you can flip, rather than a complex social and economic problem that can’t be solved by forcing people to type their birthday into yet another form. Some OS makers, like GrapheneOS, have already said they simply won’t comply and will walk away from markets that require identity collection. That’s not a great sign for the feasibility of these laws.
Meanwhile, the companies these bills are supposedly targeting have already been moving toward more transparent, user‑controlled privacy systems. Microsoft, for example, has spent the last year talking about improving user trust in Windows 11. They’ve introduced clearer permission prompts, more explicit consent flows, and a broader User Transparency and Consent initiative that gives people more control over what apps and AI features can access. They’ve also signaled that they want to reduce friction during setup, including exploring ways to loosen the mandatory Microsoft Account requirement. That’s a far more meaningful approach than forcing every user to hand over personal data before they can even reach the desktop.
And here’s the irony. Legislators keep insisting that the way to protect minors is to make users prove who they are, rather than limiting what companies can collect, store, or share. It’s a pattern. Instead of regulating the data‑hungry business models that created the problem, they push the burden onto families, developers, and now operating system installers. It’s a little like blaming the lock on your front door for the break‑ins instead of the people doing the breaking.
The Parents Decide Act is framed as empowering parents, but in practice it risks creating a new layer of surveillance infrastructure without addressing the underlying issue: companies collect too much data because they’re allowed to. Until lawmakers are willing to confront that, we’ll keep getting bills that sound protective but functionally shift responsibility away from the entities that actually need oversight.
And if the goal is truly to safeguard minors, maybe the answer isn’t forcing Windows to check IDs. Maybe it’s finally holding the companies that profit from children’s data to a higher standard. Novel idea, I know.
