Still early reporting on this one, hence the YouTube link. Summary is that while California’s law only requires the operating system have some way of storing the flag, and does not specify/mandate any form of verification, Brazil’s law requires that they make some effort to prove the user’s identity.

Breaches per failure (as in, per user installation not taking steps to verify age) is R$50 million (est $9.5 million USD)