The ongoing drama over TikTok being banned outright in the United States, as it has been banned in other technology-rich democracies, or being significantly modified upon acquisition by Microsoft, is more than catnip for trolls, a welcome non-COVID distraction for a beleaguered American administration, or a tragedy for Generation-Z. It is also a terrific window into America’s need for a “declaration of digital rights” to serve as rules for the digital roads we share.
It would be prudent for the United States to define exactly what rights its citizens have online from a data privacy perspective so that they (and the firms whose products they use) can know what to expect, and what not accept, as travelers through the digital economy. Simply put, without knowing precisely what digital rights we have, it is difficult not to become skeptical of policy decisions made under the ominous, amorphous, and often politically expedient guise of “cybersecurity.”
Subjectivity appears to pervade America’s current regulatory strategy, if one exists at all. To many observers, the criticisms of certain behaviors labeled malicious sound indistinguishable from some firms’ entire business models. It is also impossible to divorce President Trump’s focus on TikTok from his ongoing, strategic insistence on assigning blame for COVID-19 on – as luck would have it – the same rival power. Additionally, it did not take the general public long to make the connection that U.S. President Donald Trump moved more quickly to float a ban on TikTok than he ever chose to on, say, assault weapons, although the danger inherent to the latter seems far more tangible to the average American than the former. It must also be noted that Donald Trump appears to be actively seeking to eliminate an application used mostly by young people to share information with one another during an election year in which the same demographic may prove decisive in delivering his duties to former Vice President Joe Biden.
Yet through these critical cries of wrongheaded regulatory priorities, there exists the reality that TikTok has, and continues, to render its users vulnerable in ways that would be unwise to ignore. That said, by floating the solution to TikTok’s security concerns to be their acquisition by a major American technology firm, even thornier questions are raised regarding what, specifically, TikTok is being “punished” for. Will improvements to the app mandated as preconditions for acquisition be sufficient? Does the US president have the authority to serve as his economy’s, and his allies’, Chief Information Officer? What specific illegal behaviors, when perpetuated by a foreign firm, become acceptable when done by an American one? Bluntly speaking, if TikTok were Swedish, or Irish, or Russian, would Donald Trump care as much about how it culls and collates user data, and would that make those behaviors any less worrisome? Finally, what does a company being Chinese, or even American, mean in 2020, when ByteDance (TikTok’s parent company) is funded by American banks and venture capital firms in addition to Chinese entities?
If you are wondering: no, this piece is not the first to suggest the specific spelling out of digital freedoms, and likely won’t be the last. While there is need for long, thought out debate on the specific components of these digital rights, here we can perhaps set out major principles within which such rights must root themselves. The following principles feel most essential to the project being proposed: enforceability, universality, and user-centeredness.
That first principle of “enforceability” is essential to the two that follow, as a rule without teeth is useless in combatting abuses by the world’s most powerful firms and governments, but may prove an innovation-stifling hinderance to less-established competition. While TikTok has already committed and been reprimanded for egregious offenses under America’s Children’s Online Privacy Protection Act (COPPA), its associated penalties amounted to a speeding ticket, and barely dented its popularity among its growing user base. That said, COPPA serves as a good baseline to work from politically. If it can be broadly agreed that children’s digital privacy is worth protecting via sensible regulation, it seems logical that that same principle could inform further clarifying guidance as to how firms and governments ought to behave toward users and citizens online.
“Universality” is the second essential principle upon which to found a declaration of digital rights. Such a declaration only makes sense if applied to the totality of the digital populace, and if successful in the United States might still lead further adoption of its major principles around the world. But universality should not only refer to those protected, but to those entities to whom it applies. A restaurant chain that collects diners’ email addresses can just as readily misuse customer data as a large search engine or social network, and a domestically-founded firm might introduce domestic security threats more expansive than a company founded in a rival, even adversarial, power.
The model for this principle is GDPR, or the European Union’s General Data Protection Regulation. Not only does this comprehensive set of privacy regulations apply across Europe, but to citizens of EU member states wherever they reside, or access the internet. By covering the entirety of Europe GDPR has, in effect, become a de-facto rule of the road for all global digital business, so much so that Microsoft has advocated for the expansion of similar regulation into the United States in the spirit of creating a seamless regulatory structure for increasingly globalized firms to navigate. This truth transforms the potentially daunting task of regulating the entire world’s behaviors into the much more feasible codification of principles that are, largely, already baked into digital business that wishes to operate in the world’s most advanced economies.
The final principle of a declaration of digital rights must be that of user-centeredness, or the idea that both globally and in specific, uncertain situations where a user’s and a service provider’s freedoms are weighed against one another, the “tie goes to the user.”
The guiding light for this principle is that founding document which America’s original Bill of Rights amends: The U.S. Constitution. Though GDPR fights valiantly to determine and define every conceivably instance of infringement upon individual data privacy, a similar attempt in this vein might lead to confusion via the unintentional omission of a circumstance or technology unforeseen at the time of writing. The Constitution’s Tenth Amendment reserves powers not delegated to the federal or state governments to the people themselves for all coming time. Any declaration of digital rights should conclude with similar language to foreclose the possibility of the erosion of digital rights via the better, faster, stronger technologies to come. Whatever is currently available and whatever comes next must place users, and their privacy and protection, at the center of development. A tool or company that cannot function or subsist without taking illegal liberties with their users’ data should simply not exist.
There is already talk of a “next” TikTok because TikTok was really just the next Vine. While we cannot know where the next cybersecurity threats may arise, we can and must anticipate the vulnerabilities and rights those threats will target. They are the same freedoms democracies have struggled to protect for centuries. What a shame to trade them for 15 seconds of dancing.
The views expressed in this article are those of the authors alone and do not necessarily reflect those of Geopoliticalmonitor.com or any institutions with which the authors are associated.