Gemini version available ♊︎

EPO and Microsoft Collude to Break the Law — The ‘Smoking Gun’: Hard Evidence That the EPO Has Been Lying About GDPR Compliance

Posted in Deception, Europe, Law, Microsoft, Patents at 6:56 am by Dr. Roy Schestowitz

What the EPO says:

EPO CA-20-19 page 49 of 88

Summary: The EPO’s Annual Reports of the Board of Auditors help show that the cronies of Benoît Battistelli have been lying all along about GDPR compliance; António Campinos is, as expected, just another one of those Battistelli cronies, in effect passing EPO funds into a gambling black hole and overseas violators of everybody’s privacy

We have managed to track down copies of the “audit reports” which allegedly confirm a close alignment between the EPO’s data protection framework and the GDPR.

As far as we have been able to work out, the “audit reports” that the EPO refers to in its data protection “puff pieces” are the annual reports of the supposedly independent Board of Auditors (warning: epo.org link). One of these “independent” auditors is Battistelli’s old crony from the INPI, Frederic Angermann.

” One of these “independent” auditors is Battistelli’s old crony from the INPI, Frederic Angermann.”Anyway, the annual audit report is usually issued as Administrative Council document no. 20 at the end of April or beginning of May each year.

So for 2020, the document is numbered CA/20/20 [PDF].

For 2019 it is CA/20/19 [PDF] and for 2018, the reference number is CA/20/18 [PDF].

“From this it can be seen that the the annual reports of the Board of Auditors just parrot the party line of EPO management…”We’ve made local copies as we want this to last and remain unchanged, just in case something mischievous was to happen at the EPO’s end. As happened in the past…

The documents are publicly available via the official webpage of the Council (warning: epo.org link) and can be found using the search keyword “auditors”.

The first mention of GDPR is in the 2018 audit report, CA/20/18, on page 6 of 81:

42) As of 25 May 2018, a new, uniform General Data Protection Regulation (GDPR) on data privacy will apply across the European Union (EU) to all organisations collecting and/or processing data from EU residents.
43) On July 2017, the President issued a task force with a mandate to assess the potential impact of this new EU GDPR on the EPO’s current data protection guidelines.
44) It is noted that the EPO’s current data protection guidelines are relatively closely in line with the new GDPR.
However, an action plan is in place to address the potential impact of the GDPR on the EPO.

EPO CA-20-18 page 6 of 81

The 2019 audit report, CA/20/19, contains the following statement:

259) The new European General Data Protection Regulation (GDPR) has been in force since 25 May 2018. Even though the EU regulations do not directly apply to the EPO as an international organisation, basic principles have been implemented, as European citizens’ data is processed at the EPO.

It then goes on to talk about a the implementation of a “data protection register to record all the processing operations carried out on personal data” which can be accessed by EPO employees on the EPO intranet. It is not accessible to external data subjects but external parties can make a data subject access request “thus ensuring the right to information”. This is followed by a recommendation that data protection register needs to be updated and to be completed in order to ensure that all relevant information is available.

The report then states that the EPO’s IT department, referred to as IM (= Information Management) is “only involved in the GDPR analysis on a high-level basis” and that IM does not prepare the necessary implementation, such as deletion concepts.

This section of the report concludes with a recommendation to include IM much more in the GDPR evaluation “to ensure that technical and organisational measures are addressed adequately. Additionally technical solutions need to be evaluated.”

The 2020 audit report, CA/20/20, contains a section entitled “Analysis of implementation of GDPR requirements in the HR area” on page 7 of 89.
According to this:

41. Since the Office, as an international organisation that does not fall under the EU regulations, is not subject to the General Data Privacy Regulation (hereinafter: “GDPR”), the internal “Guidelines for the protection of personal data” were developed and introduced by the Office with the latest revision in 2014. The abovementioned guidelines are very close to the requirements of the GDPR and Regulation (EU) 2018/1725 and as such are to be implemented and followed by the Office.

EPO CA-20-20 page 7 of 89

There are two short paragraphs explaining that “audit procedures were carried out in respect of the adherence of the Office to the requirements of the above-mentioned guidelines within the HR area” and that the audit “resulted in a number of recommendations”, such as the need to update the Data Protection Registry and to define retention and deletion periods and actions for events such as retirement and leaving the Office.

“There hasn’t actually been any independent audit of the EPO’s data protection framework to determine the level of GDPR compliance.”Additionally, it recommends that “the awareness of the responsibilities of controllers in terms of data protection topics should be raised, and regular training sessions should be held for the HR department, as well as for other departments working with the personal data, to inform them about critical areas in the data protection process.”

From this it can be seen that the the annual reports of the Board of Auditors just parrot the party line of EPO management according to which “the EPO’s current data protection guidelines are relatively closely in line with the new GDPR” (CA/20/18) and “the internal ‘Guidelines for the protection of personal data’ [which] were developed and introduced by the Office with the latest revision in 2014 … are very close to the requirements of the GDPR and Regulation (EU) 2018/1725″ (CA/20/20).

There hasn’t actually been any independent audit of the EPO’s data protection framework to determine the level of GDPR compliance.

All that we have are bald assertions of GDPR compliance by EPO management which have been rubber-stamped by the auditors without further ado.

“All that we have are bald assertions of GDPR compliance by EPO management which have been rubber-stamped by the auditors without further ado.”Given that EPO management claimed at the time of adoption of the EPO’s internal “Guidelines for the protection of personal data” in 2014 that they were closed aligned to the earlier EU Regulation (EC) 45/2001, it remains to be explained how these same Guidelines could now manage to be compliant with the GDPR which was not adopted by the EU until 2016 and entered into force in 2018.

Of course it’s complete nonsense but as long as nobody actually goes to the trouble of carrying out an independent audit who’s going to notice anything?

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New

  1. [Meme] “Social Democracy” at the EPO

    Some comments on the current situation at the European Patent Office from Goran Gerasimovski, the new EPO Administrative Council delegate for North Macedonia and Social Democratic candidate for mayor of Centar (a municipality of Skopje)

  2. [Meme] António Campinos Visits the OSIM

    António Campinos visits OSIM Director-General Ionel Muscalu in February 2014

  3. [Meme] [Teaser] Meet the President

    Later today we shall see what Romania did for Battistelli

  4. Links 26/10/2021: Latte Dock 0.10.3 and Linux 5.15 RC7

    Links for the day

  5. Gemini Protocol's Originator: “I Continue to Care About This Project and I Care About the Community That Has Formed Around It.”

    'Solderpunk' is back from a long hiatus; this bodes well for Geminispace, which grew fast in spite of the conspicuous absence

  6. Bulgarian Like Bavarian Serfdom

    Bulgarian politics seem to have played a big role in selecting chiefs and delegates who backed Benoît Battistelli‘s unlawful proposals, which treat workers almost like slaves and ordinary citizens as disposable ‘collaterals’

  7. The EPO’s Overseer/Overseen Collusion — Part XXIII: The Balkan League - Bulgaria

    Today we examine the role of Bulgaria in Benoît Battistelli‘s liberticidal regime at the EPO (as well as under António Campinos, from 2018 to present) with particular focus on political machinations

  8. Links 25/10/2021: New Slackware64-current and a Look at Ubuntu Budgie

    Links for the day

  9. Links 25/10/2021: pg_statement_rollback 1.3 and Lots of Patent Catchup

    Links for the day

  10. Microsoft GitHub Exposé — Part III — A Story of Plagiarism and Likely Securities Fraud

    Today we tread slowly and take another step ahead, revealing the nature of only some among many problems that GitHub and Microsoft are hiding from the general public (to the point of spiking media reports)

  11. [Meme] [Teaser] Oligarchs-Controlled Patent Offices With Media Connections That Cover Up Corruption

    As we shall see later today, the ‘underworld’ in Bulgaria played a role or pulled the strings of politically-appointed administrators who guarded Benoît Battistelli‘s liberticidal regime at the EPO

  12. IRC Proceedings: Sunday, October 24, 2021

    IRC logs for Sunday, October 24, 2021

  13. Links 25/10/2021: EasyOS 3.1 and Bareflank 3.0

    Links for the day

  14. The Demolition of the EPO Was Made Possible With Assistance From Countries That Barely Have European Patents

    The legal basis of today's EPO has been crushed; a lot of this was made possible by countries with barely any stakes in the outcome

  15. The EPO’s Overseer/Overseen Collusion — Part XXII: The Balkan League - North Macedonia and Albania

    We continue to look at Benoît Battistelli‘s enablers at the EPO

  16. Links 24/10/2021: GPS Daemon (GPSD) Bug and Lots of Openwashing

    Links for the day

  17. Links 24/10/2021: XWayland 21.1.3 and Ubuntu Linux 22.04 LTS Daily Build

    Links for the day

  18. IRC Proceedings: Saturday, October 23, 2021

    IRC logs for Saturday, October 23, 2021

  19. Links 24/10/2021: Ceph Boss Sage Weil Resigns and Many GPL Enforcement Stories

    Links for the day

  20. GAFAM-Funded NPR Reports That Facebook Let Millions of People Like Trump Flout the So-called Rules. Not Just “a Few”.

    Guest post by Ryan, reprinted with permission

  21. Some Memes About What Croatia Means to the European Patent Office

    Before we proceed to other countries in the region, let’s not forget or let’s immortalise the role played by Croatia in the EPO (memes are memorable)

  22. Gangster Culture in the EPO

    The EPO‘s Administrative Council was gamed by a gangster from Croatia; today we start the segment of the series which deals with the Balkan region

  23. The EPO’s Overseer/Overseen Collusion — Part XXI: The Balkan League – The Doyen and His “Protégée”

    The EPO‘s circle of corruption in the Balkan region will be the focus of today’s (and upcoming) coverage, showing some of the controversial enablers of Benoît Battistelli and António Campinos, two deeply corrupt French officials who rapidly drive the Office into the ground for personal gain (at Europe’s expense!)

  24. Links 23/10/2021: FreeBSD 12.3 Beta, Wine 6.20, and NuTyX 21.10.0

    Links for the day

  25. IRC Proceedings: Friday, October 22, 2021

    IRC logs for Friday, October 22, 2021

  26. [Meme] [Teaser] Crime Express

    The series about Battistelli's "Strike Regulations" (20 parts thus far) culminates as the next station is the Balkan region

  27. Links 23/10/2021: Star Labs/StarLite, Ventoy 1.0.56

    Links for the day

  28. Gemini on Sourcehut and Further Expansion of Gemini Space

    Gemini protocol is becoming a widely adopted de facto standard for many who want to de-clutter the Internet by moving away from the World Wide Web and HTML (nowadays plagued by JavaScript, CSS, and many bloated frameworks that spy)

  29. Unlawful Regimes Even Hungary and Poland Would Envy

    There’s plenty of news reports about Polish and Hungarian heads of states violating human rights, but never can one find criticism of the EPO’s management doing the same (the mainstream avoids this subject altogether); today we examine how that area of Europe voted on the illegal "Strike Regulations" of Benoît Battistelli

  30. The EPO’s Overseer/Overseen Collusion — Part XX: The Visegrád Group

    The EPO‘s unlawful “Strike Regulations” (which helped Benoît Battistelli and António Campinos illegally crush or repress EPO staff) were supported by only one among 4 Visegrád delegates

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts