COVID has made online library card registration essential in many areas. What do we need to consider when dispensing online (temporary cards that allow access to e-resources) and physical library cards to children? At what age, and under what circumstances do we need to get a guardian's signature? Can we require some form of ID for children?
I remember getting my first library card at the Utica Public Library with my Dad, circa 1985. It was a right of passage: something "official" before I could drive, or work, or vote; a stepping-stone to adult life.
Of course, back then, we didn't have the Child Online Privacy Protection Act, the SHIELD Act, or the GDPR. We did have CPLR 4509, but if that was part of the application, I probably assumed it was what the library would use to revive me if I had a heart attack in the stacks.
But enough of Memory Lane: this question is rooted in 2020, a time of pandemic, of online ecosystems, and of growing awareness about personal privacy and data security. During this time, a library putting in place direct access to services for children in the ways listed by the member is a critical service, and as the member points out, introduces a lot of legal factors to think about.
To answer the member's questions, let's dive into them.
Contracts and Kids
Since the relationship of a library to a patron is (among other things) contractual, and in New York a person (generally) cannot be held to a contract until they are 18, any terms a library wants to be able to enforce on a minor must require legal consent of a parent or guardian...and in some cases, the contract really is just with the parent or guardian (who I will call "P/G" for the sake of efficiency going forward).
This, by the way, doesn't mean a library can't let minors have a card and borrow books (or have online access, or be in the library) without the signature of a parent or guardian—it just means if you want to enforce any contractual terms against those minors (like the requirement to return borrowed books), it's best to have a P/G's consent along for the ride.
Contracts and the Internet
Most contracts—including those signed by P/Gs binding minors—can be entered into electronically, and a contract signified by a library card is no exception. So yes, a patron, including a child, can get a library card or access to services through an electronic signature.
(Just in case you want the nation-wide definition, an "electronic signature" is "an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.")
What about COPPA?
When a website specifically provides services to children, we often have to consider the Children's Online Privacy Protection Act, or "COPPA." But not today, since COPPA expressly states that the law applies to "commercial" websites and online services and generally not to nonprofit entities like a library.
Although nonprofit entities are generally not subject to COPPA, the FTC "encourages such entities to post privacy policies online and to provide COPPA’s protections to their child visitors." Since libraries are sticklers for privacy, this makes sense, but if your library does this when setting up online resources for minors, don't call it "compliance with COPPA," call it "doing it the right thing because we want to."
Should we require a parent?
COPPA, by the way, is one of the laws that uses the age of thirteen as the cut-off age for children being able to sign up for things (commercial or otherwise) on their own. In my experience, 13 is also the age when insurance carriers decide children transition from "vulnerable" to simply "minors." For this reason, many content providers and services (including libraries) bar access without a parent to those under 13.
All of which is to say: while there might not be a legal requirement to involve a P/G, in general, I'd say this is a good practice. Good—but not required. Remember, to legally enforce any conditions (collect fines), you need a P/G's signature, but if you just want to let a kid borrow a book without consequences enforceable in court, you don't.
Let's see some ID?
Okay: you're set with electronic signatures. You know you need to get P/G into the mix for patrons under 18. You're "Doing The Right Thing Because You Want To" when it comes to soliciting information from minors under 13. Do you need to see identification to make things official?
If the privileges the library card or access grants come with conditions you will need to enforce in a court of law (fines, damages), it is ALWAYS better to get some form of identification or proof of address. I say this, because when lawyers sue, proper ID and proof of address is how they know they are suing the right person.
Similarly, if there is an age or residency requirement, or a financial element (for instance, loading money onto an account), or if a person is to have access to another's account, you might need to require ID.
Because the need for it will vary, when to require ID is a good question for your local attorney. From my perspective, if a person is allowed to take out more than $10,000.00 worth of library assets at a time, or a library wants to be able to collect fines, I'd want to know how to enforce a return of those items. Similarly, if patrons are allowed to access services from third-party vendors through their library card (software programs, audio books, anything governed by a third-party license), and there are consequences for a violation, it is good to have solid information about who your patron really is.
The problem is, if you are going to require ID, you must have a solid policies and procedures that address:
Basically: the reason a library would require ID—aside from verifying that a person lives in the relevant area of service, or is who they say they are—is to collect damages or to legally enforce conditions the patron has agreed to as a condition of a card. Since that is an unpleasant business, its best to avoid it whenever you can...but when it's important, it's important to do it right.
I enjoyed writing this answer, because as part of it, I got to poke around and see how different libraries are solving this issue. I saw some great stuff, including a temporary e-access system that let the technology do all the work (requesting verification of age via click-thru, using location services to confirm location in NY, imposing conditions on digital content via function without the need for legal enforcement mechanisms).
It is good to see when the law inspires, rather than quashes, creativity and information access. I hope your library and library system finds this helpful as you imagine new ways to connect people to vital services!
 Requiring libraries to not release an individual's library records to a third party.
 There ARE some exceptions, but unless your library is hiring a minor to act in their movie, or selling a married couple of 17-year-olds a house, they shouldn't apply here (see General Obligations Law § 3-101).
 (15 USCS § 7001) states: "a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form."
 This definition's use of "electronic sound" created a rabbit hole where I envisioned a series of "auditory" contract signature proceedings where a person uses their Spotify Playlist to accept contracts.
 15 USCS § 7006
 Entities that otherwise would be exempt from coverage under Section 5 of the Fair Trade Commission Act, which most if not all libraries are.
 You can find this "encouragement" at https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions-0
 A great guide for "doing the right thing" is here: https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions-0#A.%20General%20Questions
 By "enforce conditions," I mean contractually, in a court of law. A library can always ask a 12-year-old to pipe down, and enforce its Code of Conduct if they do not. But to collect fees, get a P/G signature!
 This question is critical to a library's mission. While there is no "right" answer, I can say that even facially neutral things such as asking for utility bills, pay stubs, or non-driver ID can alienate people within a library's area of service. I advise maintaining a list of ID types that includes "the usual" types of ID (driver's license, ss card, birth certificate, non-driver ID), and some other types, as well (report card, lease, or any correspondence from a government agency (with private information redacted)). The list maintained by NYPL, who clearly gets this issue, made me smile: https://www.nypl.org/help/library-card/terms-conditions.