A version of the following public comment was submitted to the Missouri House Committee on Emerging Issues on March 20, 2026.
While Missouri House Bill 2392 (HB 2392) is a worthy attempt to reinforce a parent’s role in keeping kids safe online, the bill suffers from constitutional concerns and privacy risks that must be addressed before it becomes law.
HB 2392 risks legal challenges and raises constitutional concerns
Utah was the first state to pass a bill similar to HB 2392, doing so in 2023 (Senate Bill 152). Legal challenges quickly followed, alleging the bill violated the First Amendment. Meanwhile, the state’s Attorney General requested the court reschedule hearings due to the legislature rewriting the law and postponing the effective date. The new law that followed, Utah Senate Bill 194, was enjoined for violating the First Amendment.
Other states that have passed laws similar to HB 2392 have either lost in court, been forced to delay effective dates, or are now awaiting hearings. This includes Arkansas (permanent injunction), Georgia (preliminarily enjoined), Louisiana (pending judgment, effective date delayed), Tennessee (pending judgment), California’s Senate Bill 97616, which was blocked by the district court and the Ninth Circuit on appeal. Another similar bill, Mississippi’s House Bill 1126, was also struck down by the courts. The list goes on, including Texas, Ohio, and Maryland. Nebraska is likely to be added to that list within the year.
HB 2392 creates clear privacy risks
HB 2392 mandates that companies employ “commercially reasonable methods” to verify the age of users. In practice, these methods include requiring users to upload government-issued IDs and Social Security numbers or submit to biometric facial scans. The bill uses similarly ambiguous language when it requires a social media platform to verify the status of a parent or guardian, and when it requires age-verification methods that are “independently certifiable as compliant with standards for data minimization and security.”
This information, and the process used to gather and collect it, has not only led to privacy risks but also painted targets on the backs of companies that collect it, resulting in significant data breaches that could have been prevented had these laws not been in place. In 2025, for example, a vendor employed by the online platform Discord to comply with similar age-verification mandates set out in the United Kingdom’s Online Safety Act suffered a major breach, placing government IDs and biometric data from 70,000 users in the hands of hackers.