The Children’s Online Privacy Protection Act (COPPA) was created to prevent corporations from collecting data about children without parental permission. This law explicitly does not apply to public institutions, non-profits, and government agencies. Yet, many public institutions not only choose not to collect data about children; they forbid children from accessing information without parental permission. Much to my surprise, this includes many public libraries.

Dear Librarians… Will you help explain something to me?

Last week, I went to the Boston Public Library’s website to obtain digital access. In creating my account, I was surprised to encounter this clause:

“Anyone individual who lives, works, attends school, or owns property in the Commonwealth of Massachusetts and is at least 13 years of age may register for an eCard. Library cards for corporations, businesses, libraries, institutions, and children under the age of 13 must be obtained in person at one of our locations.”

Surprised by finding the age restriction – and particularly curious about the fact that it’s 13 – I decided to write to the administrators about why they chose to restrict access to children. What I received in response made my heart sink:

The age restriction on eCard registration is required so that we comply with the Children’s Online Privacy Protection Act (COPPA), a federal law enacted in 1998. The law requires all web sites that collect personally-identifiable information from visitors (name, address, phone, etc.) to restrict registration to individuals of age 13 or older. It’s the same reason Facebook states that users must be 13 or older.

I wrote back to explain that COPPA does not apply to the Boston Public Library because of its non-profit, municipality-driven status. I pointed them to the FTC’s website that explains the rule and asked them for further clarification on why they were restricting access to children. I received the following in response:

I assure you that our intention is not to restrict access to children. However, in addition to staying on the safest side of COPPA, we also require a parent’s signature before issuing library cards to children under the age of 13. Please see http://www.bpl.org/general/circulation/whocard.htm for more information about borrower eligibility.

Amidst this, an amazing Harvard Law School librarian Meg Kibble sent John Palfrey a long note, indicating that BPL was indeed a non-profit and thus probably not required to follow COPPA. Still, she noted that many librarians used COPPA as a starting point:

BPL may be choosing to err on the side of caution. A number of library-related materials I found urge libraries to be aware of COPPA and one suggested adhering to COPPA even though it is not required:

• A CLE on Legal Issues in Museum Administration (attached) by Hope O’Keefe, OGC at Library of Congress, includes creating an online privacy policy as part of best practices and suggests in it “Follow COPPA and document compliance (parental notice & consent to any information collection from children) even if COPPA doesn’t apply.”
• ALA’s Privacy Tool Kit discusses COPPA in relation to school media centers: “The Children’s Online Privacy Protection Act (COPPA) directly affects commercial Web sites targeted to children, as well as those sites that know they are collecting personally identifiable information from children 12 and under. . . .Although libraries are not directly impacted by COPPA, children using the Internet in a library may need help understanding the law and getting consent from their parents.”
• ALA Introduction to COPPA states “Although COPPA does not impose any specific requirements on libraries, in order to provide the best possible service to families, librarians must be aware of the rules governing children’s privacy on the Internet if their libraries provide Internet access.”

BPL still seems to be going further than similar institutions. Some other privacy policies that discuss children/COPPA and seem to be complying with some elements of it (15 USC 6502B suggests regulations) by providing notice about how they collect/delete/otherwise handle children’s information, but mostly don’t prevent children from using their sites:

• Library of Congress: Not copied because it’s long, but it’s very specific and mentions COPPA
• Guggenheim Museum – Children 12 Years Old and Under: “Please note that the Site is not specifically dedicated to children and the Guggenheim does not actively solicit information from children. Children under the age of 12 are required to obtain permission from an adult before submitting information to the Site.”
• Metropolitan Museum – Children Under Thirteen Years of Age: “The Museum takes special care to protect the safety and privacy of children. We do not knowingly collect personally identifiable information from children under thirteen years of age.”
• NYPL – Children’s Privacy: Another long one that doesn’t mention COPPA, but goes into detail about children not revealing personal info.
• White House – Children and Privacy on WhiteHouse.gov: “We believe in the importance of protecting the privacy of children online and do not knowingly contact or collect personal information from children under 13. Our site is not intended to solicit information of any kind from children under 13. To notify us of our receipt of information by children under 13, please contact us through the Privacy Feedback form.”

I have the warmest of fuzzy feelings about libraries and librarians so this surprises me to no end. I recognize that librarians are deeply committed to privacy, for which I am deeply deeply deeply grateful. But I’ve always been under the impression that librarians are also committed to making sure that children have access to information, even information that might upset their parents. In other words, I thought that librarians recognized children’s privacy from adults as well as people’s privacy from institutions. I remember being absolutely delighted when I found out that parents could not get access to their children’s book borrowing history. I like to think of the library as a safe place. Even for children. And especially for children for whom home is not a safe space.

I find it seriously disconcerting that this is all framed around COPPA, as though 13 is a universal magic number. Public institutions like the library aren’t required to follow COPPA. And folks keep telling me that there’s no reason to worry about COPPA when it comes to public institutions because they’re not required to follow it. But, once again, it looks like they are following it, just to be on the safe side. And, more often than not, they’re doing it to restrict access rather than to be conscientious about the types of data that are collected or the usage of that data. Why? Why? Why?

And that’s my question back to librarians: Why are some libraries choosing to restrict children’s access to public information? I get why many adults who live in communities where the kids are AOK want to make sure that parents are involved in their children’s lives and activities. But not all kids are lucky enough to be in households where parent permission to access information is viable. Most of the librarians that I’ve met totally get that. They’ve seen abused children. They’ve seen kids who’ve struggled with their sexuality. They’ve seen children for whom access to information is critical to combating oppression. I wish that parents were always in the right. I wish that parents were always good actors. But they aren’t. And I thought librarians understood that.

So why are librarians implicitly accepting COPPA as the status quo even when you’re not required to abide by it? Why are they trying to pretend like they aren’t seeing under-13s rather than providing services that are especially helpful to under-13s? We don’t have many public sources of information available, let alone information sources that are so carefully and conscientiously curated. I hate to think that children are written out of public information spaces, including libraries and government sites. Just to be on the safe side.

I don’t know how popular online library access is with under-13s, but it depresses me to no end that libraries aren’t going out of their way to welcome children to their communities. I think it’s super important that children are free to be accessing library information, with or without their parent’s permission. What they can get through their public library is so much richer, so much better curated, so much better contextualized than generic online information. Why aren’t libraries actively inviting and encouraging children to join them? Why aren’t they targeting young people directly?

I don’t get it. Please… if you’re a librarian out there, can you explain to me what I’m missing?