WeVote

Bill

WeVote Research Nonpartisan
Bill Summary · HB 632

Overview

HB 632 (2026 Regular Session, Kentucky) proposes online protections for minors by regulating app store providers and developers to verify ages, obtain parental consent for minors, and restrict the handling of age-related data. The measure creates new requirements, definitions, and enforcement mechanisms intended to reduce minor exposure to apps and purchases without parental involvement, while establishing a regulatory framework and potential civil remedies.

Main purpose and intent

  • Strengthen protections for minors in the online app ecosystem within Kentucky.
  • Ensure minors cannot download, purchase, or engage in in-app purchases without verifiable parental consent.
  • Require age verification at account creation and monitor significant changes to apps that affect minors.
  • Limit the sharing and use of age verification data and age category data, with a focus on parental consent status.
  • Create enforcement and civil remedies for violations, and provide a safe harbor for developers under certain conditions.

Key provisions and changes

  • Definitions (Section 1):

    • Establishes age categories: child (<13), younger teenager (13–15), older teenager (16–17), adult (18+).
    • Defines terms: app, app store, developer, minor, parent/parent account, verifiable parental consent, age category data, content description, significant change, etc.
  • Obligations for app store providers (Section 2):

    • At account creation, require and verify age information using commercially reasonable methods or state/admin regulations.
    • If determined to be a minor, require affiliation with a parent account and obtain verifiable parental consent before the minor can download apps, make purchases, or use in-app purchases.
    • Notify users (and parents for minor accounts) of significant changes to apps and renew parental consent when required.
    • Share with developers: (a) age category data and (b) status of verified parental consent for minors.
    • Notify developers when a parent revokes consent.
    • Protect age verification data with limited collection/processing and industry-standard encryption.
  • Obligations for developers (Section 3):

    • Verify users’ age category and, for minor accounts, whether verifiable parental consent is obtained.
    • Notify developers of significant app changes.
    • Use age category data only to enforce age-related protections, ensure compliance, or implement safety features.
    • Request personal age verification data or parental consent only at key moments (download/purchase, significant changes, or required by law).
    • Limit requests for personal data to once per year (unless justified by risk/suspicion or new account creation).
  • Violations and remedies (Section 4):

    • Violations of Sections 2 or 3 are deemed unfair or deceptive trade practices.
    • Applies existing Attorney General remedies and penalties to these violations.
    • Parents may sue in circuit court for injunctions, actual damages or up to $1,000 per violation, and legal costs.
  • Safe harbor and liability (Section 5):

    • Developers may have a safe harbor if they relied in good faith on age verification data and parental consent status provided by the app store and complied with Section 3.
    • Safe harbor applies only to Sections 1–6 and does not limit other liability.
  • Additional clarifications (Section 6):

    • Provisions do not prevent reasonable security measures, anti-abuse protections, or emergency/service-related constraints.
    • App stores are not required to disclose more than age category data or consent status to developers.
    • Provisions should not force anti-competitive or unlawful behavior; limits re data beyond necessary for verification and consent.
  • Regulatory and effective dates (Sections 8–9):

    • By December 1, 2026, the Office of the Attorney General must promulgate administrative regulations to define minor verification processes.
    • Sections 1–8 take effect December 1, 2026.

Who is affected

  • App store providers operating in Kentucky.
  • Developers whose apps are distributed via Kentucky app stores.
  • Minors seeking access to apps or making purchases within apps.
  • Parents/guardians who would manage and verify consent for their minor children.
  • The Kentucky Office of the Attorney General (Office of Consumer Protection) for regulatory implementation and enforcement.

Procedural and timeline notes

  • Administrative regulations: The Office must establish verification processes by December 1, 2026.
  • Effective date: The act’s provisions become effective December 1, 2026.
  • Enforcement: Creates civil penalties and private rights of action for violations; provides safe harbor considerations for developers.
  • Data handling: Emphasizes encryption and minimal necessary data usage for verification, consent, and compliance.

Potential impacts

  • Increased operational requirements for app stores and developers regarding age verification and parental consent.
  • Greater involvement of parents in minor’s app access and in-app purchasing.
  • Enhanced transparency for parents through parental consent disclosures.
  • New avenues for civil claims by parents for violations, potentially driving compliance.
  • Regulatory clarity on data-sharing boundaries and safety features related to minors.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.