Introduction
In April 2022, the European Data Protection Supervisor (EDPS) launched a new project to participate in federated social media, the more well known “fediverse”. One year later, the results of this pilot were examined, and a talk was given by Wojciech Wiewiórowski the supervisor of the EDPS. The talk highlighted the benefits, drawbacks, and significance of the project for data protection in the EU moving forward. In this post, I will first give an explanation of the fediverse, provide a description of the EU project, summarize Mr. Wiewiórowski’s talk, and finally provide my own conclusions about using a federated services for data protection in the EU.
Background
When Mr. Zuckerberg (and his now ostracized partners) created Facebook in 2004, the website was hosted on a single server through a single platform, therefore operating a centralized network. When a person logged in, the information they provided to the website was and is stored on their server(s), to be used by the owners. By providing the information freely, you are in fact giving away your information along with confirmation that you accept giving this information away. Other information you are giving away includes data which is less obvious, such as your activity, how you spend your time on the website, what you are clicking on, what articles you are reading more often…
When you log into most social media services, such as X (ex-twitter), Reddit, Instagram, Discord, Youtube, Linkedin, amongst others, you are logging into a service with a single owner -a company- run on a server or servers owned by them, the data of which they have exclusive access to. Therefore, all the data you may provide or which they may collect becomes their property, to sell at their discretion. This is their business model, which is why these services are very often completely free.
A primary feature of these social media platforms is that they cannot communicate with each other, their protocols in other words are not open. In this way they are unlike services such as email, which has open protocols, or the capacity to communicate with other email servers regardless of their domain name, who they are hosted by, or which company owns them. In other words ivan@yahoo.com can conveniently communicate with ivana@hotmail.com. This means that the email service is federated. Each organization is free to run their service however they want, but they must all work and communicate within one larger framework.
Social media is very much not federated. A facebook account can in no way directly communicate with a youtube account, either through chat or following options. One may post a hyperlink from one to another, and tools have been created to embed links for a more seamless appearance, giving the feeling of interconnectedness. But in the end, closed protocols ensure that they are completely separate services, under no obligation to connect to each other or give their users the option to do so, unless with their express permission.
On the other hand, the fediverse refers to a set of open protocols and servers which allow for decentralized social media, using a distributed infrastructure model. This means that when one person makes a server with a specific application in mind, say a platform for posting videos, this data can be read and shared by a separate server running a platform whose primary purpose is to post status updates. These services can of course be as separate or interlinked as their perspective owners or moderators desire; but, due to the use of the same protocols, platforms can offer greater integration and seamlessness, offering greater transfer of information and ideas for users. More importantly for the discussion of datafication, the servers are not run as businesses by companies and are therefore not centralized. Rather, they are distributed, with servers being run by independent individuals or groups, which are in turn connected to all others. This offers greater choice for information aggregation and distribution, operational choices, and user data safety (Anderlini and Carlo, 2022).
Source: Anderlini and Carlo, 2022; p. 171
The Project
This opinion seems to be held also by the EDPS, which announced last year that they would pilot the use of fediverse social media EU Voice and EU Video. Their reasoning for attempting public outreach on these relatively new and unknown platforms, is their desire to achieve data and digital sovereignty in the EU by avoiding the use of other platforms which famously are not privacy compliant.
The Results
But did their experiment work? Over one year later, EDPS Supervisor Wiewiórowski gave a talk titled “Why We Try and Why We Fail?” at the Freedom Not Fear Conference 2023. In it he discusses the department’s strategies, their goals, and the results of the ‘experiment’.
Being the data protection authority of EU institutions, the EPDS’s mission is to protect public servants across the EU from data breaches or by assisting individuals deal with data breaches caused by EU institutions. They also function as advisors for EU institutions dealing with the legislative process. Finally they function as the secretariat for the European Data Protection Board which deals with all data protection authorities.
Wiewiórowski explains that, in his eyes, their goal is not to protect data, but to protect people. In this case, personal rights concerning privacy and data protection are specifically addressed. To protect individuals and their rights, the particular agency can only act by directly addressing political leaders or through media contact. This is where social media becomes an integral part of communicating to individuals whom they are trying to inform concerning their rights.
In order to accomplish this better, a suggestion was made to avoid big American corporate social media which were thus far used. The irony was not lost on them, that communicating about data infringements and privacy rights through traditional social media which have so often been caught sidestepping or breaking regulations is not ideal. Wiewiórowski explains that “I have nothing against big, I have nothing against American, I have nothing against platforms. What I don’t like is that we are dependent.”
Here dependence is connected to the ideas of sovereignty and equality amongst partners. European authorities do not have the power individually to bargain and agree with these large corporations about how to manage their policies. Therefore, the two parties are not equal. Our reliance on these services to communicate, an essential part of society and a healthy democracy means that a vital prong of our ability to rule and govern ourselves is lost, thus a loss in sovereignty.
Therefore, the attempt to use the fediverse was made. It allows for user empowerment, being able to make changes and choices within the various servers and platforms, due to preferences of use, rights, management or content, offering true interoperability. Further, users are not tracked and how data is collected and handled is transparent, making it ideal for government communication, and individual protection.
Unfortunately the project failed, as demonstrated by a graph comparing user interaction on different platforms. For example, while EDPS posts on Twitter garnered 29 thousand retweets, and Youtube videos received 3 thousand views, EU Video received 700 views. The video I have been discussing thus far has 93 views at the time of writing (30/9/2023) on EU Video.
The project failed for a number of reasons. First, while the instances (servers) were made and maintained, and while many EU institutions participated and made their own instances to cooperate, the European Commission declined to commit to full cooperation, citing a lack of people and money in the project leading to its amateurish appearance and management. Second, the fediverse is sparsely populated by the public, meaning that for politicians, a platform with a larger audience is naturally where they will migrate to. Therefore, funds and expertise will be diverted to developing traditional social media accounts.
Wiewiórowski’s conclusion is that there is a cost for data independence, specifically an economic and a political one. If there are no voters on the platforms, there is no reason to use funds to develop a social media presence on such. The choice is therefore made de facto to use the more popular “big American platforms”. There is no political or public will, thus far, to make the switch.
Concluding Remarks
As Anderlini and Carlo (2022) note, “technology does not determine per se the output – distributed networks are not ‘better’ or ‘freer’ than centralised networks.” (172) They merely allow users for more options and choices, encouraging creativity, interconnectivity, and safety.
This same fact may in many ways be its undoing, limiting the migration of users from commercial social media to new alternative choices. Facebook is made identical for everyone. Once the platform is learned and its logic understood, users feel safe in its structure, appearance, and user-friendly experience. Migrating to any new platform may be slow and difficult, especially when such use strange terminology, with user interfaces or apps which are not clean and perfectly de-bugged, and most importantly, which nobody can teach them how to use because nobody is using it. (Yet).
Reference:
Anderlini, Jacopo, and Carlo Milani. “Emerging Forms of Sociotechnical Organisation: The Case of the Fediverse.” Digital Platforms and Algorithmic Subjectivities, edited by Emiliana Armano et al., vol. 24, University of Westminster Press, 2022, pp. 167–82.
