Bonum Certa Men Certa
IRC Proceedings: Sunday, March 21, 2021 | EPO Board of Auditors is Incompetent and Patently Unfit for Purpose

EPO and Microsoft Collude to Break the Law -- The 'Smoking Gun': Hard Evidence That the EPO Has Been Lying About GDPR Compliance

What the EPO says:

EPO CA-20-19 page 49 of 88

Summary: The EPO's Annual Reports of the Board of Auditors help show that the cronies of Benoît Battistelli have been lying all along about GDPR compliance; António Campinos is, as expected, just another one of those Battistelli cronies, in effect passing EPO funds into a gambling black hole and overseas violators of everybody's privacy

We have managed to track down copies of the "audit reports" which allegedly confirm a close alignment between the EPO's data protection framework and the GDPR.



As far as we have been able to work out, the "audit reports" that the EPO refers to in its data protection "puff pieces" are the annual reports of the supposedly independent Board of Auditors (warning: epo.org link). One of these "independent" auditors is Battistelli's old crony from the INPI, Frederic Angermann.

" One of these "independent" auditors is Battistelli's old crony from the INPI, Frederic Angermann."Anyway, the annual audit report is usually issued as Administrative Council document no. 20 at the end of April or beginning of May each year.

So for 2020, the document is numbered CA/20/20 [PDF].

For 2019 it is CA/20/19 [PDF] and for 2018, the reference number is CA/20/18 [PDF].

"From this it can be seen that the the annual reports of the Board of Auditors just parrot the party line of EPO management..."We've made local copies as we want this to last and remain unchanged, just in case something mischievous was to happen at the EPO's end. As happened in the past...

The documents are publicly available via the official webpage of the Council (warning: epo.org link) and can be found using the search keyword "auditors".

The first mention of GDPR is in the 2018 audit report, CA/20/18, on page 6 of 81:

42) As of 25 May 2018, a new, uniform General Data Protection Regulation (GDPR) on data privacy will apply across the European Union (EU) to all organisations collecting and/or processing data from EU residents. 43) On July 2017, the President issued a task force with a mandate to assess the potential impact of this new EU GDPR on the EPO's current data protection guidelines. 44) It is noted that the EPO's current data protection guidelines are relatively closely in line with the new GDPR. However, an action plan is in place to address the potential impact of the GDPR on the EPO.


EPO CA-20-18 page 6 of 81

The 2019 audit report, CA/20/19, contains the following statement:
259) The new European General Data Protection Regulation (GDPR) has been in force since 25 May 2018. Even though the EU regulations do not directly apply to the EPO as an international organisation, basic principles have been implemented, as European citizens' data is processed at the EPO.


It then goes on to talk about a the implementation of a "data protection register to record all the processing operations carried out on personal data" which can be accessed by EPO employees on the EPO intranet. It is not accessible to external data subjects but external parties can make a data subject access request "thus ensuring the right to information". This is followed by a recommendation that data protection register needs to be updated and to be completed in order to ensure that all relevant information is available.

The report then states that the EPO's IT department, referred to as IM (= Information Management) is "only involved in the GDPR analysis on a high-level basis" and that IM does not prepare the necessary implementation, such as deletion concepts.

This section of the report concludes with a recommendation to include IM much more in the GDPR evaluation "to ensure that technical and organisational measures are addressed adequately. Additionally technical solutions need to be evaluated."

The 2020 audit report, CA/20/20, contains a section entitled "Analysis of implementation of GDPR requirements in the HR area" on page 7 of 89. According to this:

41. Since the Office, as an international organisation that does not fall under the EU regulations, is not subject to the General Data Privacy Regulation (hereinafter: "GDPR"), the internal "Guidelines for the protection of personal data" were developed and introduced by the Office with the latest revision in 2014. The abovementioned guidelines are very close to the requirements of the GDPR and Regulation (EU) 2018/1725 and as such are to be implemented and followed by the Office.


EPO CA-20-20 page 7 of 89

There are two short paragraphs explaining that "audit procedures were carried out in respect of the adherence of the Office to the requirements of the above-mentioned guidelines within the HR area" and that the audit "resulted in a number of recommendations", such as the need to update the Data Protection Registry and to define retention and deletion periods and actions for events such as retirement and leaving the Office.

"There hasn't actually been any independent audit of the EPO's data protection framework to determine the level of GDPR compliance."Additionally, it recommends that "the awareness of the responsibilities of controllers in terms of data protection topics should be raised, and regular training sessions should be held for the HR department, as well as for other departments working with the personal data, to inform them about critical areas in the data protection process."

From this it can be seen that the the annual reports of the Board of Auditors just parrot the party line of EPO management according to which "the EPO's current data protection guidelines are relatively closely in line with the new GDPR" (CA/20/18) and "the internal 'Guidelines for the protection of personal data' [which] were developed and introduced by the Office with the latest revision in 2014 ... are very close to the requirements of the GDPR and Regulation (EU) 2018/1725" (CA/20/20).

There hasn't actually been any independent audit of the EPO's data protection framework to determine the level of GDPR compliance.

All that we have are bald assertions of GDPR compliance by EPO management which have been rubber-stamped by the auditors without further ado.

"All that we have are bald assertions of GDPR compliance by EPO management which have been rubber-stamped by the auditors without further ado."Given that EPO management claimed at the time of adoption of the EPO's internal "Guidelines for the protection of personal data" in 2014 that they were closed aligned to the earlier EU Regulation (EC) 45/2001, it remains to be explained how these same Guidelines could now manage to be compliant with the GDPR which was not adopted by the EU until 2016 and entered into force in 2018.

Of course it's complete nonsense but as long as nobody actually goes to the trouble of carrying out an independent audit who's going to notice anything?

IRC Proceedings: Sunday, March 21, 2021 | EPO Board of Auditors is Incompetent and Patently Unfit for Purpose

Recent Techrights' Posts

Dr. Richard Stallman in Ada Lovelace Lecture Series 20 Hours From Now in Lucerne School of Computer Science and Information Technology (Rotkreuz)
Well-connected and affluent corporations want everything to be controlled by them, ranging from culture to words and news
 
Gemini Links 05/03/2026: Industrial Panettone, Cancel, and LLMs
Links for the day
It's Not "AI", IBM is Collapsing Due to Financial Difficulties, "All Small Country Offices Will Close"
IBM is in trouble. Insiders know it.
"AI Companies" Running Out of Money, GAFAM Layoffs Are Signs of Weakness, Not "AI Efficiency" or Novelty
In the past, this term ("AI") had another meaning and connotation
Libel/Defamation Law Does Not Exist to Cover up Crimes
The projection tactics are nothing new
Myanmar/Burma: Growing Acceptance of GNU/Linux, Big Losses for Windows
GNU/Linux has come close to 5% there
Without IBM, Microsoft Would Not Have Taken Off. Both Companies Need to be 'Taken Down'.
Maybe it's time to boycott IBM as well
'Former' Red Hat Staff Upset That Techrights Covers IBM Accounting Problems
Are we touching a sensitive subject at IBM?
Ubuntu is Controlled by a Youngster From the British Army (Background in Mass Surveillance), So One Can Expect Ubuntu to Not Respect Privacy
"Canonical is aware of the legislation and is reviewing it internally with legal counsel"
IBM Hates Computer Freedom. This Means Red Hat Too is an Enemy of Software Freedom.
A summary of Fedora's position when it comes to "attestation"
IBM Union Says Many IBM Layoffs in Europe, With Netherlands and Belgium Confirmed, Allegedly Italy Soon (200 Layoffs)
IBM's demise will harm Red Hat and already harms Red Hat, according to whistleblowers
Microsoft and Microsoft's 'Open' 'AI' Seeking Bailout From the Pentagon Means Brand Erosion
Microsoft and its offshoots growing more and more dependent on military ("defence"; "Department of War") budget
Another EPO Strike a Fortnight From Now, Local Staff Committee Munich (LSCMN) Shares 127-Page Document Explaining How Policies Impact EPO Staff
The Office is circling down the drain
Microsofters' SLAPP Censorship - Part 3 Out of 200: A More In-Depth Breakdown
presents the narrative in a less chronological and more logically coherent fashion
2026 Seems Like (Potentially) the Last Year of Slop Drowning News Sites
Sites that do so perish [...] It's getting hard to find slop in news sites which cover "Linux" because many gave up
Links 05/03/2026: New LexisNexis Data Breach Confirmed, "Goldman Sachs Head During Financial Crisis Says He “Smells” a Similar Crash Coming"
Links for the day
"Silent Layoffs" or "Forever Layoffs" at IBM and Red Hat (After Bluewashing)
Like every day (all day long) we can see people who leave IBM and say something that's based on a 'script'
Free Software Foundation (FSF) and Others Promoting String of RMS Talks, Starting Tomorrow in Lucerne School of Computer Science and Information Technology
Well done, FSF!
Links 05/03/2026: A Bet Against Substack, American Government Openly Hostile Towards Environment
Links for the day
Gemini Links 05/03/2026: Greed and Sentiments Shifting Against Slop
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 04, 2026
IRC logs for Wednesday, March 04, 2026
FSF Promoting Richard M. Stallman (RMS) Talk in Switzerland in Just Over a Day From Now
RMS may have more talks on the way
Why Slop Will Flop - Part IV - We've Seen the End of It
Some years ago they insisted blockchains would revolutionise everything
Android is Proprietary 'Linux' and It Becomes More Malicious Over Time, Google Only Delayed What It Planned All Along
Google is a proprietary software giant, GSoC is only a distraction and confusion
Links 04/03/2026: Scam Altman Causes Chatbot Sub Numbers to Plunge, "Stocks Drop as Inflation Risk Emerges"
Links for the day
Why Slop Will Flop - Part III - Our Relationship With Slop (and Yours)
I never - except inadvertently - "used" an LLM-based chatbot
Why Slop Will Flop - Part II - Devil in the Details
News sites or social control media sites which tolerate slop are digging their own grave
Simpler Means Faster
Do you know your bottlenecks?
Gemini Links 04/03/2026: About a Missing Symbol and "Good Manners"
Links for the day
The Register MS Takes Money From Chinese Surveillance Threat to Promote a Ponzi Scheme
"Sponsored by Huawei."
Nicaragua's GNU/Linux Usage Measured at Over 8% by statCounter
Nicaragua is a poor country, but it also has rich culture
Why Slop Will Flop - Part I - Slop Fatigue Prevalent
See, sooner or later people (audiences of colleagues) find out and as soon as they find out you are slopping, they will lose interest
Microsofters' SLAPP Censorship - Part 2 Out of 200: Detailed Timeline From 2012 (Attack on Reporters That Question Restricted Boot) to 2024 (Lawsuit Against Reporter and His Wife in Another Continent)
we reproduce a document produced 2 years ago to give people more context and more facts
Links 04/03/2026: "The EU moves to kill infinite scrolling" and a call to "Nationalize Amazon"
Links for the day
Coming Soon: Evidence of Abuse in Our IRC Network
IRC's freedom can sometimes be its 'weakness' if not properly guarded
High GNU/Linux Adoption in Brunei Darussalam
It's worth noting (or at least noticing) that Microsoft loses ground in some of the countries where the government contracts paid the most
Media Blackout Reducing or Preventing Press Coverage of Microsoft Layoffs in 2026
Worse yet, there will be gaslighting and deceit
GNU/Linux in Laptops/Desktops Still Matters, It's Likely the Only Way to Achieve Software Freedom
Software Freedom requires all sorts of things at the "OS level"
Gemini Links 04/03/2026: The Garnet Star, The Hunt, The SYN Attacks
Links for the day
The EPO's General Consultative Committee (GCC) Discussion Illuminates How Much Worse Things Have Gotten ("on Strike and Participated in the 'Meeting'")
a videoconference - not a physical meeting - discussed EPO policies
Free Software Foundation Supports Its Founder, Advertises His Talks in Switzerland
When you suppress voices, assuming the reasons for suppression are bunk, it is always bound to backfire very badly
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, March 03, 2026
IRC logs for Tuesday, March 03, 2026
Over 1,500 EPO Workers Went on Strike Last Week
a new publication which celebrates some accomplishments of industrial actions and calls for further actions
Madame Streisand Wanted to Censor The Web, Instead She 'Created' a New Term, "Streisand Effect"
It is basically an own goal
Solicitors Regulation Authority (SRA) Failed to Detect Fraud in Law Firms... Until It Was Too Late
Earlier today we contacted some more politicians about this and received mail from them as well
Our EPO and IBM Coverage Bears Fruit
In case insiders want to get in touch with us, please ensure or at least try doing so securely
Defending Women Isn't a Crime, Everybody Can Agree on That
Their culture is unlike ours
EPO "Cocaine Communication Manager" - Part VI - Influx of Spaniards and Portuguese Workers (+77%) at Europe's Second-Largest Institution, Led by the 'Alicante Mafia'
There is now data supporting this assertion, new and complete data in fact
Links 03/03/2026: "Scam Altman in Damage Control" and Oil Traffic Disrupted
Links for the day
Gemini Links 03/03/2026: Phones, LLMs, and Changes on the Web
Links for the day
Richard Stallman Confirms Talk in Bern Next Week
Dr. Stallman has just formally confirmed his third talk this month in Switzerland
Nobody is Safe at IBM (or Red Hat)
There is no job security at IBM
GNU/Linux at All-Time High in Guam
there are many computers in that island
Bad faith: Hugo Roy knew FSFE impersonating FSF before French tribunal, colleagues deceived
Reprinted with permission from Daniel Pocock
Microsofters' SLAPP Censorship - Part 1 Out of 200: Claim No. KB-2024-001270 in a Nutshell
abuse of process by a law firm working for an American who was arrested for strangling women and another American whose own spouse calls a "rapist"
When EPO Team Managers (TMs) Are Harassing People Who Strictly Apply the European Patent Convention (EPC) in Patent Examination
There are two strikes planned for this month
Confirmed: Using Slop Gets You Fired
Let the story of Benj Edwards be a cautionary tale
Links 03/03/2026: "No one wants to read your AI slop" and "chatbots in the kill chain"
Links for the day
EPO and "Equivalent to More Than 100 Days of Strike"
The industrial actions continue and already have a positive effect
Streisand Effect, the Microsoft Way
Microsoft has once again proven the Streisand Effect
Keeping Track of IBM Layoffs in March 2026
IBM depends on bribery
GNU/Linux Measured at 7% in Yemen
Windows is too hostile and dangerous
Links 03/03/2026: Security Breaches, Iceland Wants EU Membership, and "Wall Street–Backed Lawmakers Want to Help Banks Gouge You"
Links for the day
Queensland Health Payroll System: IBM billion-dollar-blowout inquiry
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, March 02, 2026
IRC logs for Monday, March 02, 2026
Gemini Links 03/03/2026: GrapheneOS and Keyboard Shortcuts
Links for the day