Given the authentication services they provide, I suspect this is already a bar they reach. The point about future compliance makes me think about the floundering “You shouldn’t have made an account with us!” while they made their services compliant with GDPR.

I would expect they’d be eager to have this information and would not consider it to be a liability in the slightest.