The offline photos idea would be a wise choice until the child has grown up and can make the decision but let us assume your wife will not accept that approach.
The Proton Drive idea also sounds reasonable since you already use that service. You should password protect the shared link but you will want another communication path than email to share the password to your shared folder. Use different folders with limited expiration dates (3 months?) for different sets of photos. Be sure to write to relatives that they are not to share the photos. We get emails asking us not to share things, be it links to photos or sensitive topics such as health. If someone breaks the rule, you may have to "ground" that person by cutting off their access to folder sharing for a period of time. You must communicate the "grounding" to others but that person might still go behind your back and get the link and password from a sympathetic someone else.
Have you thought about using a Fediverse instance for family and friends? There is a fantastic blog post on this subject. https://runyourown.social/ You would end up running a fork like Hometown that allows you to keep a portion of your community not federated where family and friends can share pictures with each other so that only users with accounts (plus your web server staff) can access your photos. https://github.com/hometown-fork/hometown You would be helping out many family members and friends instead of only helping your child. You would get more family and friends to support you because they would also be invested in making your Hometown server work for them. Find a relatively safe web server to host your data. https://www.eucloud.tech/en/eu-providers/vps-hosting
I would like to raise two somewhat related reasons for keeping Do Not Track which I have not yet seen discussed.
Reason 1: The analytics industry has made it easy for webmasters to make an explicit choice.
More than 15 analytics tools support the ability to obey Do Not Track signals as a setting for webmasters. Instead of leaving it up to webmasters to code a solution, the analytics industry has stepped up and has made it easy for a webmaster to make an explicit choice. A webmaster can migrate from one analytics tool to another tool while still being able to easily apply the same choice.
Reason 2: A significant number of websites have added text in their privacy policies indicating an explicit choice regarding Do Not Track signals.
Privacy policies are difficult to read and interpret. There are not many standards for privacy policies, making them typically very hard to compare against each other.
If we put our creative minds to the task, we might see that Do Not Track offers us a solution by providing a reasonably consistent way to QUICKLY EVALUATE a company's explicitly chosen practice by looking at only a small portion of a privacy policy.
We can either spend the time to open up a privacy policy and search for the Do Not Track section or we can perform a web search with the website's name and the "Do Not Track" text.
It is not important whether we actually set the Do Not Track setting in our web browser! What is important is that the setting actually exists in our web browser as a potential choice. By keeping that setting available as a choice for users, some webmasters may continue to feel compelled to describe the explicit choice made for their websites, and we gain the ability to quickly understand the INTENTIONS of a given website. Do Not Track grants us the ability to be able to SAVE TIME by having a common way to evaluate multiple websites.
Here is a list of analytics services which offer a setting to enable or disable the obeying of Do Not Track signals.
https://experienceleague.adobe.com/en/docs/marketo/using/product-docs/web-personalization/getting-started/setting-web-personalization-to-do-not-track "In Web Personalization and Predictive Content, a marketer can set a toggle to indicate whether to support or ignore the browser's Do Not Track (DNT) setting." "When the toggle is set to On, Web Personalization will honor and support the browser's Do Not Track (DNT) setting, and will not track any web activity or run any campaigns or content recommendations on your website."
https://saschaeggi.medium.com/setup-matomo-analytics-with-drupal-and-respect-do-not-track-header-gdpr-compliant-d382b12e2740 "Matomo already provides you a setting to respect users with a 'Do Not Track' (DNT) header set."
https://docs.simpleanalytics.com/dnt "By default the data will not include visitors with the Do Not Track enabled. To also record DNT visitors you can add data-collect-dnt='true' to the script tag" "If you don't add the data-collect-dnt attribute we will not record visits from users who have DNT enabled."
https://developer.bitmovin.com/playback/docs/do-not-track-cookie-handling-in-analytics "By default Bitmovin Analytics will honor this user preference and ignore all incoming requests that have the DNT header set to 1."
https://www.hotjar.com/policies/do-not-track/ "Before collecting your data, Hotjar always checks to see if you have enabled the 'Do Not Track' setting in your browser."
https://wp-statistics.com/resources/do-not-track/ "The DNT-respecting functionality is active by default, aligning with our privacy-first philosophy."
https://help.mouseflow.com/en/articles/4325367-the-privacy-settings "Honor Do-Not-Track" "This setting allows you to honor the Do-Not-Track (DNT) signal. When enabled, Mouseflow will listen for the signal and if it is found, prevent the user session from being recorded."
https://jetpack.com/support/jetpack-stats/jetpack-stats-honor-do-not-track-dnt/ "As a site owner, you can force the Jetpack Stats feature to honor any visitors with DNT enabled and not track their activity"
https://wideangle.co/documentation/data-do-not-track-handling "Wide Angle Analytics proudly handles the Do Not Track irrespective of broader adoption. Doing so allows your visitors to indicate their Opt-Out of the tracking process."
https://docs.metrical.xyz/privacy/what-we-track "Metrical will honour the Do not Track setting and we don't send the visit when we find the do not track flag enabled."
https://umami.is/docs/v1/tracker-configuration "You can configure Umami to respect the visitor's Do Not Track setting."
https://wpcrux.com/blog/how-to-make-google-analytics-respond-to-do-not "To make Google Analytics respond to 'do not track,' you can enable the 'Respect Do Not Track' option in the settings of your Google Analytics account."
https://documentation.freshpaint.io/integrations/destinations/apps/mixpanel/mixpanel-reference "Ignore DNT" setting "When enabled, Mixpanel will track all events, regardless of if the browser has 'Do Not Track' enabled."
https://websmithiananalytics.ca/help/dnt "Yes, we honor the Do Not Track (DNT) setting from browsers that support it."
https://github.com/milesmcc/shynet "By default, Shynet will not collect any data from users who specify DNT."
https://baseanalytics.io/do-not-track-dnt/ "We do honor the Do Not Track (DNT) setting from browsers which support this."