Are Librarians Encouraging Public Libraries to Abide by COPPA?

The Children’s Online Privacy Protection Act (COPPA) was created to prevent corporations from collecting data about children without parental permission. This law explicitly does not apply to public institutions, non-profits, and government agencies. Yet, many public institutions not only choose not to collect data about children; they forbid children from accessing information without parental permission. Much to my surprise, this includes many public libraries.

Dear Librarians… Will you help explain something to me?

Last week, I went to the Boston Public Library’s website to obtain digital access. In creating my account, I was surprised to encounter this clause:

“Anyone individual who lives, works, attends school, or owns property in the Commonwealth of Massachusetts and is at least 13 years of age may register for an eCard. Library cards for corporations, businesses, libraries, institutions, and children under the age of 13 must be obtained in person at one of our locations.”

Surprised by finding the age restriction – and particularly curious about the fact that it’s 13 – I decided to write to the administrators about why they chose to restrict access to children. What I received in response made my heart sink:

The age restriction on eCard registration is required so that we comply with the Children’s Online Privacy Protection Act (COPPA), a federal law enacted in 1998. The law requires all web sites that collect personally-identifiable information from visitors (name, address, phone, etc.) to restrict registration to individuals of age 13 or older. It’s the same reason Facebook states that users must be 13 or older.

I wrote back to explain that COPPA does not apply to the Boston Public Library because of its non-profit, municipality-driven status. I pointed them to the FTC’s website that explains the rule and asked them for further clarification on why they were restricting access to children. I received the following in response:

I assure you that our intention is not to restrict access to children. However, in addition to staying on the safest side of COPPA, we also require a parent’s signature before issuing library cards to children under the age of 13. Please see for more information about borrower eligibility.

Amidst this, an amazing Harvard Law School librarian Meg Kibble sent John Palfrey a long note, indicating that BPL was indeed a non-profit and thus probably not required to follow COPPA. Still, she noted that many librarians used COPPA as a starting point:

BPL may be choosing to err on the side of caution. A number of library-related materials I found urge libraries to be aware of COPPA and one suggested adhering to COPPA even though it is not required:

  • A CLE on Legal Issues in Museum Administration (attached) by Hope O’Keefe, OGC at Library of Congress, includes creating an online privacy policy as part of best practices and suggests in it “Follow COPPA and document compliance (parental notice & consent to any information collection from children) even if COPPA doesn’t apply.”
  • ALA’s Privacy Tool Kit discusses COPPA in relation to school media centers: “The Children’s Online Privacy Protection Act (COPPA) directly affects commercial Web sites targeted to children, as well as those sites that know they are collecting personally identifiable information from children 12 and under. . . .Although libraries are not directly impacted by COPPA, children using the Internet in a library may need help understanding the law and getting consent from their parents.”
  • ALA Introduction to COPPA states “Although COPPA does not impose any specific requirements on libraries, in order to provide the best possible service to families, librarians must be aware of the rules governing children’s privacy on the Internet if their libraries provide Internet access.”

BPL still seems to be going further than similar institutions. Some other privacy policies that discuss children/COPPA and seem to be complying with some elements of it (15 USC 6502B suggests regulations) by providing notice about how they collect/delete/otherwise handle children’s information, but mostly don’t prevent children from using their sites:

  • Library of Congress: Not copied because it’s long, but it’s very specific and mentions COPPA
  • Guggenheim Museum – Children 12 Years Old and Under: “Please note that the Site is not specifically dedicated to children and the Guggenheim does not actively solicit information from children. Children under the age of 12 are required to obtain permission from an adult before submitting information to the Site.”
  • Metropolitan Museum – Children Under Thirteen Years of Age: “The Museum takes special care to protect the safety and privacy of children. We do not knowingly collect personally identifiable information from children under thirteen years of age.”
  • NYPL – Children’s Privacy: Another long one that doesn’t mention COPPA, but goes into detail about children not revealing personal info.
  • White House – Children and Privacy on “We believe in the importance of protecting the privacy of children online and do not knowingly contact or collect personal information from children under 13. Our site is not intended to solicit information of any kind from children under 13. To notify us of our receipt of information by children under 13, please contact us through the Privacy Feedback form.”

I have the warmest of fuzzy feelings about libraries and librarians so this surprises me to no end. I recognize that librarians are deeply committed to privacy, for which I am deeply deeply deeply grateful. But I’ve always been under the impression that librarians are also committed to making sure that children have access to information, even information that might upset their parents. In other words, I thought that librarians recognized children’s privacy from adults as well as people’s privacy from institutions. I remember being absolutely delighted when I found out that parents could not get access to their children’s book borrowing history. I like to think of the library as a safe place. Even for children. And especially for children for whom home is not a safe space.

I find it seriously disconcerting that this is all framed around COPPA, as though 13 is a universal magic number. Public institutions like the library aren’t required to follow COPPA. And folks keep telling me that there’s no reason to worry about COPPA when it comes to public institutions because they’re not required to follow it. But, once again, it looks like they are following it, just to be on the safe side. And, more often than not, they’re doing it to restrict access rather than to be conscientious about the types of data that are collected or the usage of that data. Why? Why? Why?

And that’s my question back to librarians: Why are some libraries choosing to restrict children’s access to public information? I get why many adults who live in communities where the kids are AOK want to make sure that parents are involved in their children’s lives and activities. But not all kids are lucky enough to be in households where parent permission to access information is viable. Most of the librarians that I’ve met totally get that. They’ve seen abused children. They’ve seen kids who’ve struggled with their sexuality. They’ve seen children for whom access to information is critical to combating oppression. I wish that parents were always in the right. I wish that parents were always good actors. But they aren’t. And I thought librarians understood that.

So why are librarians implicitly accepting COPPA as the status quo even when you’re not required to abide by it? Why are they trying to pretend like they aren’t seeing under-13s rather than providing services that are especially helpful to under-13s? We don’t have many public sources of information available, let alone information sources that are so carefully and conscientiously curated. I hate to think that children are written out of public information spaces, including libraries and government sites. Just to be on the safe side.

I don’t know how popular online library access is with under-13s, but it depresses me to no end that libraries aren’t going out of their way to welcome children to their communities. I think it’s super important that children are free to be accessing library information, with or without their parent’s permission. What they can get through their public library is so much richer, so much better curated, so much better contextualized than generic online information. Why aren’t libraries actively inviting and encouraging children to join them? Why aren’t they targeting young people directly?

I don’t get it. Please… if you’re a librarian out there, can you explain to me what I’m missing?

Print Friendly, PDF & Email

22 thoughts on “Are Librarians Encouraging Public Libraries to Abide by COPPA?

  1. Carolyn Caywood

    First, I am speaking only for myself.
    Your question reflects a larger issue that antedates the Internet. ALA says, “We affirm the responsibility and the right of all parents and guardians to guide their own children’s use of the library and its resources and services;”
    Yes, there are parents who should not be parents, but on the whole, humans have not created any institution that does a better job of parenting or cares more about nurturing an individual child. I, as an agent of the state, might want to make different choices from a particular parent, but if liberty means anything, it surely means the right of parents to make those choices for their own children. (Unless and until a court finds that they are harming the child.) Librarians say that one parent cannot dictate choices for the children of another by insisting the library censor, but the same rule must apply to the librarian.

    Moving on to the practical, we all want children to have happy experiences with libraries. This is most likely to happen when the child’s parent understands library rules and expectations. And this is most critical precisely with those parents who do not have a history of library use. I have seen parents make a child give up a borrower card because their child returned a book late, even though the child had no way to return it without the parent. I want a chance to help the parent understand the ground-rules, whether that’s fines or reading choices. I don’t want parents denying their children access to the library because they misunderstood something.

    So, while COPPA does not apply, something of the underlying motivation does. I would not shift the justification to COPPA, but I suppose some librarians think it backs up a decision made for the reasons above.

  2. Sara DeAngelis

    Being perceived by the public as safe and “trustworthy” is very important to the identity of libraries (and museums.) Add to that fear of the media/public response to incidents involving children. These seem to me to be at the heart of strict compliance with COPPA even though not required and, as you point, out not actually helpful to all children.

  3. Andrea Forte

    Weird that it would be framed around COPPA. My understanding is that CIPA (Children’s Internet Protection Act) is the law to watch wrt youth access to information in libraries and schools. CIPA basically says schools and libraries can’t get FCC funds for connectivity unless they have policies that prohibit minors from accessing “inappropriate” materials and install filters, etc. E-rate certification process ensures compliance.

    I think we need a much better sense of what’s going on in schools and libraries and how legislation like this is being interpreted! My fabulous collaborators here at Drexel–Denise Agosto, Rachel Magee and Robin Naughton–and I are actually about to launch an IMLS-funded national survey of youth and social media policies in school and public libraries to better understand how this is all playing out “on the ground.”

  4. Becky

    Wisely spoken @Carolyn Caywood. It is not the government’s job to be the parent. When state employees undermines the parent, they have overstepped their bounds.

  5. Ben Chun

    Does BPL filter/censor their public internet access to comply with CIPA (in order to get e-rate funding)? If so, it could be the case that folks both under and over the age of 13 aren’t able to get the information they need even if we can solve the false COPPA compliance issues.

  6. John S. Erickson, Ph.D.

    Thank you dana for another thoughtful post!

    Normally I admire the role librarians play — indeed, assert — in their communities. In my experience librarians are the ones who contribute both knowledge and experience to discussions of intellectual property, privacy, free expression, and other core principles. But in this case I think that those applying COPPA are either mis-interpreting the statute or crudely applying statements of principles such as Libraries: An American Value.

    Indeed, Libraries: An American Value ought to first be re-ordered, to prioritize constitutional rights, privacy, freedom of speech and consumption of ideas. Then it can “…affirm the responsibility and the right of all parents and guardians to guide their own children’s use of the library and its resources…” but with the caveat, insofar as such such parental guidance does not violate these other principles. Librarians should not be accomplices in parental neglect when it comes to children becoming well-informed, contributing citizens.

    Obviously, it is too much to expect librarians to make such a statement. Thankfully, there are individual librarians who I know do what is best for the children of the community every day, and for that I am thankful.

  7. Liza Barry-Kessler

    Back when COPPA was first passed, I worked for Leslie Harris & Associates and did some consulting with the ALA Washington Office on both COPPA negotiations and the Privacy Tool Kit. I’m sure it has been through many revisions since then, but the text you quoted sounds very much like something I wrote at the time.

    Bearing in mind that all of this was between 1998-2002, I’m going to try to explain what I was thinking of — and what Leslie and the ALA Washington Office and OIF people were discussing — when I wrote, “The Children’s Online Privacy Protection Act (COPPA) directly affects commercial Web sites targeted to children, as well as those sites that know they are collecting personally identifiable information from children 12 and under. . . .Although libraries are not directly impacted by COPPA, children using the Internet in a library may need help understanding the law and getting consent from their parents.”

    We were thinking about children who are under 13 and in the library without their parents. If COPPA compliant web sites were giving those kids frustrating experiences with using library computers, how should librarians help? They can’t give proxy permission to the commercial web site to collect information — but they can explain to kids what they need to do to get access to a site or game, and they can help parents understand why they might or might not want to give that permission, and how to do it if they make that choice.

  8. Liza Barry-Kessler

    Also, @Andrea, I suspect that the number of people who can reliably distinguish between COPPA, CIPA, and the various other similarly named bills and laws tops out in the low hundreds.

    Ryan Turner wrote a nice, probably out of date, article distinguishing among them when he was still at OMB Watch:, “CIPA, COPA, COPPA, CPPA: Child Online Protections Explained.”

  9. Mary Minow

    There seems to be some confusion between accessing information and inputting information. The COPPA requirements that come into play here concern children putting in their personal (defined very broadly) information, but not accessing information. CIPA does in fact require libraries that take certain federal discounts/funds to put in technological protection measures to block images that are “harmful to minors.” COPPA does not.

  10. ulotrichous

    Why? Because exposure-adverse city, county, or campus attorneys advise library administrators and boards that this is the appropriate policy response. Few librarians want policies like this (although many subscribe to the doctrine of better safe than sorry), and even fewer are in positions to challenge the advice of counsel (or get a second opinion) on this kind of thing.

  11. Stephen Spohn

    Let me begin by saying that I see the value of the principles underlying both sides of this argument, but let’s talk “practical” for a moment:

    Have you ever tried telling a parent that you know better than they do when it comes to their children? And survived? I’ve seen parents scream at principals and teachers for doing their jobs. I’ve seen parents scream at shop clerks for asking their kids to stop rampaging through a store. I’ve heard of parents screaming at librarians for giving their kids borrowing cards and refusing to pay the fines that their kids accrue for missing books. How easy do you think it would be for your local library to recruit a great staff when one of the job perks is an increased frequency of parents screaming at you? I fear we’d lose a lot of great librarians.

    Let’s pick our battles here. Librarians are trying to make inroads with parents to get to their kids. They rely on parents for transportation and support for their children’s programs that do encourage reading, intellectual curiosity and, I’ll argue, critical thinking. Setting them up for confrontations with parents works against them and the very things that make libraries great places for kids.

    I recognize that the system isn’t perfect. There are bad parents out there, but I don’t feel that libraries and librarians the ones in charge of doing something about that.

  12. the.effing.librarian

    I’m confused. I don’t know of any public information being denied to children, so “Why are some libraries choosing to restrict children’s access to public information?” has me wondering what I’m missing in your concerns.

    we don’t own the electronic materials and databases we lease and since these are from private companies, we feel it’s in our patron’s best interests to not have them put the vendors on the wrong side of the law by collecting data from individuals the vendors think are adults (or children with parental permission). and again, these subscriptions are not for public information, but content provided by the vendor such as newspapers, ebooks, reference sources.

    so if Company A collects user data, and the library gives an “eCard” to a child, then Company A is now collecting data from a child. Company A is either going to demand that the library cease giving cards to children without a parent’s signature/knowledge/permission or, what, the get hit with a fine for violating the law?

  13. Jack Vinson

    I have a different direction on this: why don’t we encourage our service providers to stop collecting and distributing our personal data, period. No matter how old we are.

  14. Bonnie Bracey Sutton

    Just out of curiousness, I visited a few libraries in the Washington DC area. What the policy is seems to depend on the people in charge of children’s services. The three places that children can access the Internet if they have no computer are school, the Library, and some community centers, or as in the case of Native American groups special places for communication, Chapter Houses.

    There is so much confusion about COPPA and if you start to talk about it it depends on the librarian, what their understanding is of it.
    While there are waiting lines in most of the Fairfax libraries they were welcoming to the public.
    Computer Access at the Library

    The library offers more than 300 public computers at our 23 branches. Each computer provides Internet access as well as Microsoft Office. Customers can print for 15¢ (printing not available at Access Services branch.)

    All branches offer Wi-Fi access.

    Many branches offer computer-related instruction. Visit the library’s Calendar of Events to search for a class.

    Computer use is free for customers with a library card. Those without a card, or who do not have their card with them, can purchase a guest pass for $2 (must show identification).

    Computer use may be limited to two 45-minute sessions per day depending on the branch.

    Information may be saved to customer CDs or flash drives. The Fairfax Library Foundation sells flash drives for $8 at library branches for the convenience of customers.

    Parents or guardians are responsible for the Internet information accessed by their children.

    Acceptable Use of the Internet in the Library.

    Learn more about the Internet. Here is the acceptable use.

    Use of Internet stations is open to all library users. Parents or guardians are responsible for the Internet information accessed by their own children. Refer to the library’s website for links to sites that provide suggestions on using the Internet safely and effectively.

    Time Limits
    Internet sessions on library workstations are 45 minutes long. Due to the popularity of this service, users are limited to two sessions per day system-wide. Sessions may extend beyond 45 minutes if no other users are waiting. During your Internet session, you can select items to print for a fee. These print jobs should be picked up within an hour after they are created.

    Internet access on your wireless device is available during regularly scheduled library service hours. There is no time limit for wireless access during these hours. This Acceptable Use Policy must be accepted when using Wi-Fi.

    Information found on the Internet may be downloaded to your own storage device within your session time limit. Be aware that downloaded files may contain computer viruses and use proper precautions. The library is not responsible for damages which may result from files downloaded from the Internet. You must adhere to copyright and software licensing when downloading.

    Use of Library Workstations and Internet Access
    All computer hardware, software and Internet access provided in the library to access the Internet shall not be used for any unlawful purpose, e. g. , fraud, gambling, child pornography. Threats and unauthorized use of the name or picture of another person are not permitted. Access to the Internet at the library is filtered and monitored in accordance with Section 42. 1-36. 1 of the Code of Virginia.

    To help us keep the equipment working properly and as a courtesy to others, tampering with or altering the library’s software or hardware is not permitted. It is prohibited to connect personally owned equipment or devices for the purpose of circumventing or tampering with the normal operation of computer hardware.

    These restrictions also apply to wireless devices. Tampering with or in any way altering the library’s Internet access, or interfering with other wireless devices without consent, are also not permitted.

    Printing services are available from library workstations for a fee. Printing services are not available from wireless devices.

    Failure to comply with these acceptable uses will result in loss of Internet privileges at the Fairfax County Public Library.

    I did not have much luck with DC libraries, but perhaps I picked the wrong libraries. Thank you Dana for making me think. I am going to share your post with my thoughtful library friends for discussion.


  15. Elizabeth Pyatt

    I wonder if part of it is the general distrust of unfamilar media? An example from my own life was that my mother gave me permission to read any book I wanted, even at a young age, but wanted to restrict what movies I could watch until I was older (she didn’t want me getting nightmares after viewing JAWS). In fact, I would argue that images (movies/online videos/comics/games) seem to provoke stronger feelings than text. People get (justifiably) angry when books are censored, but are much more willing to accept censorship of movie, games, comics and even music. It’s partly a perception that these genres may not be “serious” as well (NOT true), but it is still a different censorship standard than is often applied to print books.

  16. Jeanine

    I’ve not been a public librarian (just an academic one) but from my experience managing library databases, Mary Minow above probably has got a good chunk of it.

    Most data collected by most libraries these days is done with the aid of third-party software (in addition to all the various and sundry web applications out there for other things). I would imagine that public libraries, being governed by cautious local governments, are not always real clear on the lines around “their data” and the company’s data.

    For example, if Innovative Interfaces, as my library’s ILS vendor, collects data on an <13 patron via a Web interface and stores that data on the cloud…have I just inadvertently circumvented CIPPA? IANAL, but I'm not sure there's enough precedent here for libraries and their governing bodies to feel real safe about the "non-profits are exempt" clause.

    BUT, I would also imagine clever public librarians are working on ways to quietly circumvent these restrictions to get materials in the hands of patrons who need them. Because they always have.

Comments are closed.