The United States and Tik Tok, between national security and protection of fundamental rights

The latest episode in the TikTok saga is the US deceleration on the Chinese company’s compulsory sale. However, the problems opened by the little Sicilian girl’s death caused by participation in a challenge are still unresolved. The analysis of Andrea Monti, professor of law of order and public security at the Gabriele d’Annunzio University of Chieti-Pescara originally published in Italian by

The old ‘carrot and stick’ metaphor explains how President Joe Biden is going to handle relations with China. On the one hand, the Biden administration reaffirms its commitment to human rights. On the other hand, it reduces the aggressiveness towards Chinese companies that operate (also) in the US. This translates into keeping the Hong Kong and Uighur dossiers open and easing the pressure to force the sale of Tik Tok. Its activity is going to be re-assessed before the final decision.

The previous Trump administration was concerned that the Chinese social network would share US citizens’ data with the Chinese government, a circumstance that the Asian big-tech company has always denied.

Data sharing with the government is closely linked not only to passive public order and security issues (behavioural analyses, dossier-building). It also implies active measures such as propaganda and inducing anti-social behaviour. Never as in our times has information-based soft war been able to have such surgical and devastating effects.


To limit the analysis of the Tik Tok phenomenon and its impact in terms of national security to the sole (albeit relevant) issue of users’ data exploitation is somewhat reductive.

Tik Tok has been able to collect so much data as to be perceived by the United States as a danger to national security, thanks to the industrial model that characterizes the American big-tech companies: the one based on the misunderstanding that the services offered are free because they are not paid for in money. In the (induced) common perception, the absence of payment implies that the ordinary aspects of contractual negotiation, from ascertaining the contracting party’s identity to ascertaining its age, need not be handled rigorously.

In reality, this is not the case because as early as 2000, in the Alcei-Libero case, the Italian Competition and Market Authority found that offering a service in exchange for the right to access user data did not mean that the service is free of charge. After all, the user paid for the service in personal information. Moreover, even if this conclusion were not correct, the fact remains that access to (also) online services always requires entering into an agreement. Consequently, even if the user of a social network is ‘only’ asked for payment in personal information, or even if the service were completely free of charge, the platform owner would still be required to identify the user and verify his or her age. This is necessary to determine whether the contracting party has the so-called ‘capacity to act’, i.e. the ability to perform legally binding acts. Under Italian law (Article 1425 of the Civil Code) a contract concluded with a minor is temporarily valid, but voidable. This means that as long as the parents do not contest what has happened, the contractual relationship remains in place and cannot even be annulled if the child has used deception to conceal his or her age (e.g., using a parent’s details).

These rules were conceived at a time when the child could only enter into ‘micro-contracts’ (buying soft drinks or stickers) and certainly not for a time when the child is at the centre of powerful commercial interests (the issue of ‘child consumerization’ is as essential as it is hypocritically neglected by the legislator). Nonetheless, they would already be enough to curb the overwhelming power of social networks of any nationality: it would be enough for parents to challenge the validity of the contract for the use of the platform to force it to stop the service, and to use the power conferred by the Data Protection Regulation to request the deletion of their children’s data.


This simple and immediately operational solution is not considered by the EU and Italian legislators, nor by case law. To be more royalist than the king, it would be enough for some ruling to establish that verification of the contracting party’s identity is a duty of the provider of distance services and that, consequently, the adoption of “weak” practices invalidates the value of the contract. On the contrary, legislators continue to get bogged down in proposing position papers, charters of rights and new regulations when it would already be possible to act without wasting any more time.


Following the death of the Sicilian girl, the Italian Data Protection Authority raised the issue of verifying the contracting party’s identity and ordered Tik Tok (regardless of whether the order was actually binding) to ‘strengthen’ its procedures. Tik Tok complied spontaneously, thus avoiding the issuance of a formal order. However, this does not change the fundamental issue at stake, which is not the protection of personal data but the conflict between public order and industrial interests.
Applying the laws in force, and thus verifying the actual identity of the contracting party, would have an immediate effect in terms of increasing security (adults would always be informed of the use of the account) and digital sovereignty (the use of Spid would leave the data in Italy or, at worst, in Europe). Fake news would be reduced because it would not be possible to leave false data. Privacy would be guaranteed by protected anonymity, an approach already theorized in the US since 1992 and then taken up in Italy by Stefano Rodotà.


Bans can indeed be circumvented, but as mentioned, this is a structural issue: can we allow, given the criticality assumed by information technologies, the digital ecosystem to be inhabited by unidentified subjects as a ‘default setting’?

It is not ‘only’ a matter of protecting the fundamental rights and freedoms of the individual, but also of guaranteeing the certainty of transactions and the regularity of exchanges (also) online, and of avoiding the instrumentalization, not only for commercial purposes, of information relating to citizens, businesses and institutions. This means, in other words, speeding up the policies to reappropriate the digital identity of Italian citizens that were launched with the creation of Spid. If a law were needed, it would be one requiring its use in any transaction involving Italian citizens. The results would be immediately perceptible in terms of greater protection for vulnerable persons (not only individuals) and limiting non-EU technology companies’ excessive power.

However, political will aside, the most significant difficulty of such a choice would be caused, paradoxically, by the users (and parents in particular) of social-networking services. They have become accustomed to exercising ‘power without responsibility’, lulled by the false perception of anonymity that would protect them from unwanted attention from the public authorities. Moreover, they might not like the reality-check caused by the imposition of the use of Spid, even if this means continuing to leave their fundamental rights unattended.


The executive’s control over national security has been progressively eroded in managing relations with technology providers and interacting with citizens. The former, as demonstrated by the management of legislation on the Italian cybersecurity perimeter, affect government choices by exclusively controlling the release of software and equipment on the market. The latter, transformed into a digital swarm, like the flocks of birds flying over Rome, assemble and disintegrate into a thousand forms. Now they are part of one group, now of another. They have lost the sense of culturally identified belonging. They have replaced the sense of community held together by values and fundamental rights with über-rights: individual and individualized claims to be asserted against anyone, including the state.

This process of individualization – amplified in its effects by the social distance imposed by the pandemic – distances the individual even further from his or her status as a citizen, with the easy and inevitable consequences in terms of the overall tightness of national security and public order. This is why data sovereignty and digital identity are of primary importance in Italian innovation public policies.
