New rules take effect this month intended to protect kids’ privacy online, and some librarians are worried. Some say that the more stringent regulations may impede mobile app use in elementary schools—and also prevent kids from recreationally sharing favorite hobby sites with each other.
The regulations update the Children’s Online Privacy Protection Act (COPPA), launched by the Federal Trade Commission (FTC) in 1998. The amendments are meant to limit companies’ abilities to reach children under 13 online and to collect personal information about them without their parents’ permission, as SLJ reported in December.
Businesses will now have to obtain parental consent for kids to use their sites and apps and to gather personal data about their child users, in many cases. Acceptable proof of permission from a parent can include a signed form that is faxed, mailed, or emailed to a company; a credit card, debit card, or government ID; a call to a toll-free number, or a video conference.
The definition of a child’s “personal information” includes data such as “geolocation information, as well as photos, videos, and audio files that contain a child’s image or voice,” along with “persistent identifiers that can be used to recognize a user over time and across different websites or online services,” according to an FTC document.
Library sites are largely not impacted by the new rules, since they apply to commercial enterprises, says Deborah Caldwell-Stone, deputy director of the Office for Intellectual Freedom at the American Library Association (ALA). “You’re not selling data—that’s the last thing you’re doing as a library,” she says.
However, librarians should know whether their site uses a commercial widget or another tool that collects information about young patrons, she says. If so, librarians must “be aware of what it is doing with information.” In addition, Caldwell-Stone emphasizes, “you need to be aware of the law because you have parents asking you for information about it.”
Some youth librarians see more roadblocks than benefits in the new rules. “It’s hard to determine how this will play out until we see how sites respond to the COPPA revisions, but it’s likely that the updated regulations will impact mobile app use in K–12 learning,” says Michelle Luhtala, department chair at the New Canaan (CT) High School Library.
“Many apps don’t function properly without permission to access geolocation information, photographs, audio files, and videos,” adds Luhtala. “Schools that integrate mobile app use in the classroom often require students to download apps during the school day when parents are not available to grant permission. It’s possible that the new rules will create an age divide within schools—scaling back flexibility among the under-thirteens.”
In Caldwell-Stone’s view, the regulations may “become so onerous that it becomes a burden to young people who want to use the tools.” She adds, “parents will have to be there facilitating this, or else the kids will be shut out” of many online resources. Or children will “lie about their age.”
Luhtala says that when schools hire services to deploy mobile applications, “2013 COPPA will add an extra layer of permissions with which to wrestle.”
Gretchen Caserotti, library director of the Meridian (ID) Library District, notes that the amendments may hinder kids’ exploration and sharing of hobby apps.
“I do appreciate the effort to protect kids, but it seriously limits the possibilities that are so exciting in so many new tools,” says Caserotti, also chair of the ALSC (Association for Library Services to Children) Children and Technology Committee. “Imagine if your older child is really engaged in diy.org for kids, and could discover other maker kids in his or her city through the app. Just like libraries connect kids from different schools, neighborhoods, and life worlds, these tools can provide new ways for kids to connect with each other.”
Caserotti adds, “I’m personally incensed that it permits direct advertising.” Under the new rules, businesses will still be able to collect data without parental consent for some purposes—including limited advertising. “COPPA’s parental notice and consent requirements don’t kick in if the identifier is used solely to support the internal operations of the site or service,” according to COPPA documents. Such “internal operations” include “contextual advertising, frequency capping, legal compliance, site analysis, and network communications.”
Some data companies lobbied against the COPPA revisions, saying that the cost of enforcing them would be prohibitive and stifle innovation, as reported in The Hill and other outlets. Under the new rules, platforms like Google Play and the Apple App store will not be held liable if items sold on their sites are not COPPA-compliant.
How will COPPA play out? Caldwell-Stone notes that currently, “Parents are the greatest enablers of under-13 going on Facebook.” With the tighter rules, “We might see enforced verification of age in ways we don’t want to see.” She points to a scenario in which kids are “borrowing mom and dad’s wallet for a few minutes” to get the credit card verification they need to gain access to a site.
But overall, “the philosophy behind COPPA is not something we object to,” says Caldwell-Stone. “The controversy over the new regulations is that they’re much more stringent. I’ll be interested to see how these regulations actually shake out.”
The FTC issued two supporting documents to help consumers and companies understand them: a guide for parents, “Protecting your Child’s Privacy Online,” and a “Six-step Compliance Plan for your Business,” advising organizations how to abide by the rules. An FTC video, “Protecting Children’s Privacy under COPPA,” also outlines the amendments.