KnownChildSensitiveDataConsents section could leak information about a users age?

[matt-martin]

This section strikes me as a bit confusing and potentially problematic. If, for example, folks set this to "Not Applicable" for users over the age of 16 and only set "Consent"/"No Consent" for users 16 and under, then couldn't some nefarious party use this for unintended purposes (e.g. to target users under the age of 16 when maybe they wouldn't have that information otherwise). Wouldn't it be better to try to define a user's privacy choices in a way that makes no reference to age?

For example, let's consider the case of CCPA. Under the CCPA, is there ever a case where folks need to distinguish between somebody over 16 who has "opted out" from somebody under 16 who has not "opted in"? Maybe there is. I'm not a lawyer. But assuming there isn't, then perhaps the SaleOptOut section is sufficient and KnownChildSensitiveDataConsents can be eliminated (at least in the limited context of the CCPA; if there are states where certain choices are only available to folks of certain ages then of course we cannot avoid the situation where certain age information is "leaked").

[patmmccann]

as an aside https://github.com/InteractiveAdvertisingBureau/Global-Privacy-Platform/pull/84/files#r1261419236