Good point from the INRIA paper
"We underline the importance of this debate and encourage to compare technical solutions based on privacy risk assessment rather than on ill-defined catchwords such as ”centralised” vs ”decentralised"
Something can be decentralized but by horrible in term of privacy. Let's focus on risk assessment rather than on dogmatic approaches.