By data privacy risks I meant the risk of a breach, compromise, or other leak of the database of verified IDs. No information about the IDs are generally collected in a corner shop, at least when there's no suspicion of fraud; they're just viewed temporarily and returned. Not only do online service providers retain a lot of information about their required verifications, they do so for hugely more people than a typical corner shop.

Also, corner shop cameras don't generally retain data for nearly as long as typical online age verification laws would require. Depending on the country and the technical configuration, physical surveillance cameras retain data for anywhere from 48 hours to 1 year. Are you really saying that most online age verification laws worldwide require or allow comparably short retention periods? (This might actually be the case for the UK law, if I'm correctly reading Ofcom's corresponding guidance, but I doubt that's true for most of the similar US state laws.)

A lot of these shops have cameras which could similarly be compromised. In fact the camera is likely to be more vulnerable and probably already had been hacked by DDoS orgs.

I hate sites asking for photo verification, but I think it is more about convenience/reliability for me. My bigger fear is that if AI locks me out with no one to go for support.

Where I live they scan the barcode on the back of the ID into their POS. I don't know what data that exposes, or exactly what's retained, but I suspect it's enough to thoroughly compromise the privacy of that transaction - with no pesky, gumshoe witness-statement and camera-footage steps necessary.

At least the US laws I've looked at have all specifically mandated that data shall not be retained, some with rather steep penalties for retention (IIRC ~$10k/affected user).