A new proposal in Ohio, House Bill 226 (HB 226), aims to protect kids online by regulating how they access apps and services. Lawmakers are right to prioritize children’s online privacy, but their efforts need to be smart and targeted. Unfortunately, HB 226 takes an overly broad approach that would burden developers who create safe, age-appropriate apps with costly and unnecessary new requirements. At the same time, it leaves a massive loophole for pre-installed apps — including the social media platforms many parents don’t want their kids accessing — thus failing to actually keep kids safe.
Instead of focusing enforcement on apps that actually pose a risk to children’s safety or privacy, HB 226 imposes costly new rules on all apps — even simple, educational tools that don’t collect age data or present any risk of harm. The bill would require verified parental consent for every app a minor downloads, regardless of whether the app poses any risk. That means developers of safe, kid-friendly tools, like flashcard apps or educational games, would be treated the same as developers of apps with mature content or external chat functions. As parents get overwhelmed or ignore the download notices, benign apps will have a hard time growing.
Moreover, the bill’s blanket rule doesn’t reflect how parents and platforms already work to manage children’s experiences online. Most app stores already offer parental controls and notification tools, allowing families to set their own guardrails — and about half of parents already use those tools. HB 226 ignores that reality and instead creates unnecessary friction for apps that are already designed with children’s safety in mind.
In addition, by forcing app stores to verify parental relationships, the bill introduces obligations that app stores and developers cannot reliably fulfill with existing technology. Most minors don’t have government-issued IDs, and there’s no reliable online method for confirming whether a consent-giver is actually a parent or guardian. Unreliable age verification presents legal and logistical challenges that developers — especially those with small teams and budgets — will struggle to navigate.
Worse, under HB 226, developers will be forced to receive and handle sensitive age-related data, even if they don’t need or want it. Take Moving Organizer Pro, an Ohio-based app that helps users stay organized: they have no reason to collect users ages. But under HB 226, developers who create even the most benign, non-controversial apps will receive age signals from app stores. They’ll also be responsible for processing, storing, and securing that data in compliance with federal children’s privacy laws like COPPA. For small developers, those unnecessary data obligations could mean tens or even hundreds of thousands of dollars in compliance costs that they’ll struggle to afford.
But here’s the real kicker: HB 226’s rules only apply to apps downloaded through app stores, not those that come pre-installed on devices, are downloaded directly from a website, or any apps outside of the mobile ecosystem, (i.e. desktop apps, console apps, VR, etc.). That means large companies and apps — like social media apps that many parents don’t want their kids to use — can simply pay manufacturers to preinstall their apps, or offer them through direct downloads to bypass the bill’s requirements entirely.
That massive loophole badly skews the playing field. The bill’s structure means it punishes developers who follow standard app store channels — often the only path available to smaller teams — but offers the big guys an easy way out.
The Developers Alliance supports smart, balanced policies that protect children online, but HB 226 misses the mark. The bill would impose heavy burdens on small developers building safe, age-appropriate tools, while letting higher-risk apps off the hook. Ohio families deserve better.
