What follows is a translation of the original French Quelques enjeux de l’interopérabilité.
Until now I could escape Facebook : I have no interest in “having to” talk to people “on Facebook” or to give my consent to this company’s practices incompatible with my ethics. Given its dominant position, I have a doubt in my individual capacity as a citizen to resist an interconnection with Facebook that would be imposed from above.
Consent and interoperability
The General Data Protection Regulation (GDPR) provides explicit consent to data usage. But within the scope of interoperability, refusal to consent to any predatory use must not interfere with communication. In other words, the predatory platform, if it becomes interoperable by force of law, must not acquire the capacity to monitor participants in a conversation between its users and people exterior to its platform: this would be a serious violation of privacy of the people in communication.
Interoperability and interconnection
Yes, interoperability is necessary, but it is not a miracle solution to limit the power of GMAFIA and the capacity to exchange with these services could depend on our identification to them, thus our acceptation of their conditions. GDPR imposes explicit consent for the treatment of personal data (articles 4.11 and 7) that we, non-users of these predatory services, refuse to give: we won’t be able, a priori, to interact with these accounts with whom we can only connect to by accepting the unacceptable terms of service of their operators, hence interoperability cannot work since it resolves into an “interoperability without interconnection.”
Interconnection and data portability
Before rushing on the idea of interoperability of the Internet giants with open standards, it is therefore necessary to ensure the implementation of the GDPR so that users trapped in the platforms can export their data through the use of standards (e.g. ActivityPub). Thus, by allowing users to regain their digital sovereignty and regain control of their personal data, we can kill three birds with one stone: weaken the giants with questionable practices, strengthen existing European law, and observe the emergence of social media decentralization in line with European values and the charter of fundamental human rights.
Interoperability, interconnection and consent seem to us to be the nerve center of the debate, however it remains complex and overflows in all directions, for example – and this remains open to discussion without being exhaustive:
the existence of interoperable open standards, such as ActivityPub, XMPP, etc. must be supported, notably to allow users in silos to change services – but without losing information, especially because “personal data”, usage history and existing conversations, contacts, etc. cannot be transmitted (cf. the Google Reader precedent).
a minimalist approach to authorizations to grant actors during interconnections – see notably the difference between the theory behind authorization, e.g., OAuth, and their actual implementations of all or nothing (or: why do you need access to my contact list to pass a message?)
interoperability does not mean decentralized, the Facebook algorithms will remain dominant and predatory, and will work in parallel to independent decentralized services.
we cannot accept that public services use or impose usage of private services: why not then start with explicitly exposing the issue of centralization and committing ourselves to unwind their presence within our institutions, our schools, our health system, our administrative communications. Institutional support to open standards, as practiced by the Commission within the scope of Next Generation Internet, would reinforce them instead of giving implicit legitimacy to centralized systems by merely asking those to be compatible with standard protocols.
In other words, interoperability alone remains insufficient, and can even prove harmful.