If you are controlling the middle part of the zkp (or at least can validate it), then identification should not be possible through the zkp even if the attestor and and site collude with each other (they could maybe collude based on some other information, like IP address or browser fingerprinting, ofc).
I think if google provides the attestation and they also provide a client side dependency for the site, then they can collect all the data they want.
Also, nothing stops a site from having a flow like: 1. Please enter your age 2. Verify that it's correct using a proof
The zkp is valid as far as the tech is concerned but the sites can still do whatever they want.