Bonum Certa Men Certa

The EPO Bundestagate -- Part 4: Parroting the GDPR-Compliance Myth

Series index:

  1. The EPO Bundestagate -- Part 1: How the Bundestag Was (and Continues to be) Misled About EPO Affairs
  2. The EPO Bundestagate -- Part 2: Lack of Parliamentary Oversight, Many Questions and Few Answers…
  3. The EPO Bundestagate -- Part 3: A “Minor Interpellation” in the German Bundestag
  4. You are here ☞ Parroting the GDPR-Compliance Myth


EPO's GDPR-Compliance Myth
What could possibly have led the German government to parrot the EPO's bogus and self-serving claims about GDPR-compliance?



Summary: The EPO had been in violation of GDPR (EU) for years, both under Benoît Battistelli and António Campinos; but the lies persisted

Back in October 2019, the FDP submitted another "minor interpellation" entitled "Data protection in relation to cooperation with the EPO" ("Datenschutz bei EPA-Zusammenarbeit" - Bundestag Printed Paper [PDF] no. 19/14490).



This interpellation contained a series of questions relating to the EPO's data protection framework, in particular in the context of data exchanges with national authorities such as the German Patent & Trademark Office.

"This interpellation contained a series of questions relating to the EPO's data protection framework, in particular in the context of data exchanges with national authorities such as the German Patent & Trademark Office."Under point 7. of the interpellation, the FDP explicitly raised the issue of the compliance of the EPO's data protection framework with the GDPR (which had entered into force over a year previously in May 2018).

The relevant passage of the interpellation reads as follows (in translation):

According to the knowledge of the Federal Government, is data processing at the EPO compliant with the provisions of the GDPR, or does it have any indications that would suggest a deviation from GDPR regulations?


The response of the Federal Government was published on 12 November 2019 (Bundestag Printed Paper [PDF] no. 19/15072).

The passage of the response which addresses point 7. of the FDP's interpellation reads as follows (in translation):

The Federal Government has no indication that the EPO does not comply with the provisions of the European data protection standards. The Board of Auditors of the European Patent Organisation, which is appointed by the Administrative Council under Article 49(1) EPC and carries out its activities in accordance with Articles 49 and 50 EPC and its Rules of Procedure and professional auditing standards, stated the following in its audit report for the financial year 2018 (document CA/20/19) (warning: epo.org link). Although the EPO, as an international organization, is not directly subject to EU rules, the basic principles of the GDPR have nevertheless been implemented, as data of European citizens are processed at the EPO. In addition, it was noted that for the sake of transparency, the EPO has already established a data protection register in the past to record all processing of personal data. Upon request, the information can be made available (publicly) to the data subject, thus ensuring the right to information.


The government's response is another classic piece of hand-waving and obfuscation about the atrociously deficient state of the EPO's data protection framework.

It is however worth looking at this response more closely because it seems to have come straight from the EPO's internal "echo chamber". There is very little evidence of any independent thought or research on the part of those responsible for drafting the government's statement of its position.

"It seems that the reader is supposed to accept these assertions on "blind faith"."What is particularly noteworthy is the fact that the German government appears to rely solely on the EPO's internal audit report for the financial year 2018 (CA/20/19) (warning: epo.org link) as the basis for its "considered opinion" that the EPO's data protection framework is GDPR-compliant.

There's just one small problem here.

Neither CA/20/19 nor any other internal "audit report" from the EPO contains a meaningful substantive assessment of the organisation's data protection framework and its purported compliance with GDPR standards.

The available audit reports from the EPO (CA/20/18, CA/20/19, CA/20/20) (warning: all are epo.org links) only contain cursory self-serving assertions to the effect that the organisation's data protection framework is "relatively closely aligned" with EU data processing regulations - whatever that is supposed to mean.

What is conspicuously absent is a credible independent audit of the EPO's data protection framework that could be considered to substantiate the self-serving assertions emanating from the EPO's senior management.

It seems that the reader is supposed to accept these assertions on "blind faith".

"For this reason it's a bit disconcerting to see the Federal Government of Germany still parroting the EPO's manifestly bogus and self-serving assertions about GDPR-compliance in such a naïve and uncritical manner in November 2019."However, this becomes difficult when it is recalled that back in 2016 the EPO staff union (SUEPO) commissioned a report about various aspects of EPO governance from external legal experts.

This report dated 31 May 2016 - which is publicly available - found that the EPO's data protection framework was not compliant with EU data protection standards and that it was in urgent need of a radical overhaul.

Nothing of substance has changed since May 2016.

For this reason it's a bit disconcerting to see the Federal Government of Germany still parroting the EPO's manifestly bogus and self-serving assertions about GDPR-compliance in such a naïve and uncritical manner in November 2019.

In the next part we will consider how this curious state of affairs came about.

Recent Techrights' Posts

Datamation, Where I Used to Publish Articles, Appears to Have Been Sold to TechnologyAdvice Only to Become a Slopfarm
I'd prefer to not associate with that site anymore
 
How Software Patents Were Viewed or Their General Status Changed Over Time
A rough summary
We Are Turning 19 in One Month, FSF Turns 40 in 3 Hours (CET)
For our anniversary next month we still have no concrete plans
Patent Docs (or PatentDocs) Learned the Wrong Lessons From the Death of TypePad
Had they gone ahead with an SSG, they'd become a lot more future-proof
USPTO Patent Bubble Already Imploding, After Decades of Artificial Inflation, Entire Offices Close for Good
we can deduce that financial pressures (lack of "demand" for monopolies) play a role
TikTok is Not Harmless (Being CheeTok in the US Will Advance Orange Agenda)
Social control media isn't "fun and games"; it's a digital weapon that lets hostile groups or nations infiltrate others, then turn them against themselves
Andy Farnell and Helen Plews Explain What "Modern" Tech Does to Old People
Imposing terrible tech "religion" on people is not helping them
Tomorrow the Free Software Foundation (FSF) Turns 40 and Its Web Site is Still Slow Due to DDoS by LLM Slop Bots
For an advocacy group, uptime is important (for its message to remain accessible)
Slopwatch: Google News as a Firehose of LLM Slop About "Linux"
Google News is really bad
Links 03/10/2025: "NPR’s Economics Lessons Come With Neoliberal Spin" and Canada Post at Risk
Links for the day
Gemini Links 03/10/2025: Panic Attacks and Food Adulteration
Links for the day
Links 03/10/2025: Lawyers Caught Using LLM Slop Explain Why They Did It, LibreSSL 4.1.1 and 4.0.1 Released
Links for the day
FSF Board Grew 50% Since Last Year, Has New President, Turns 40 in Two Days
It's a good move for the FSF and - by extension - for software freedom
Links 03/10/2025: Conflicts, Death of TypePad, and TikTok/CheeTok Gives a Boost to Far Right Groups in Europe
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, October 02, 2025
IRC logs for Thursday, October 02, 2025
Slopwatch: Linux Journal, Google News, and LinuxSecurity
They carry on polluting the Web with fake articles
Gemini Links 02/10/2025: Kubernetes With FreeBSD and robots.txt
Links for the day
Links 02/10/2025: 'Open' 'AI' Resorting to Gimmicks and Fake Funding, Europe’s ‘Drone Wall’ Discussed
Links for the day
Links 02/10/2025: Brave Passes 100M Users Milestone, Kodak Selling Its Own Film Again
Links for the day
Michael “Monty” Widenius: It Started in 1983 With Richard Stallman (RMS)
The other co-founder of MySQL is a bit notorious for confronting RMS rather viciously
For the Second Time in a Few Weeks Microsoft Lunduke Makes False Accusations Against Senior Red Hat Staff to Incite a Despicable 'Troll Army'
Nothing that Microsoft Lunduke claims of says can be trusted
su lisa && rm -rf /home/ibm/power
Novell was ruined by another person from IBM, Ronald Hovsepian
A Record Demand at Microsoft: Demand to Cancel
What we're witnessing is a very ungraceful destruction of XBox
Microsoft is Losing Europe
Hence all the "support" and "discount" offers that are limited to Europe
The Free Software Foundation Starts Fund-raising for 40th Anniversary
New pop-up 2-3 days ahead of the 40th anniversary event
Systemd Breaks Networking in Debian and Microsoft Staff Rushes to Make Face-Saving Excuses in LWN
Microsoft's bluca is already there in the comments, his Microsoft money pays for LWN to let him leave comments early
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, October 01, 2025
IRC logs for Wednesday, October 01, 2025
What the End of XBox Will Look Like: a Fiery Crash
XBox is the next Skype. It won't last much longer. Expect many more layoffs.
Richard Stallman is Going to Finland to Give a Talk Next Thursday
A day later he speaks in Sweden
Gemini Links 02/10/2025: SMTP Pipelining and End of ROOPHLOCH 2025
Links for the day
Slopwatch: Plagiarism, Fake Articles, and FUD About Linux
not a day goes by without Google News feeding FUD from slopfarms
Gemini Links 01/10/2025: Chat Control and End of Life
Links for the day
Links 01/10/2025: Long Covid Risk Reiterated, "Bitcoin Queen" Caught
Links for the day
Links 01/10/2025: EA $55 Billion Deal is Debt and Slop "Raises Vishing Risks"
Links for the day
Bluewashing at Red Hat Means Redundancies
The man who sold Red Hat to IBM meanwhile became a Microsoft Mono booster
After Killing OpenSource.com, IBM ('Red Hat') and OSI Told Us OpenSource.net Would Replace It (But That Didn't Happen)
Now it's time to move on, perhaps tarnishing the "Open Source" label some more (for whatever sponsor wants this)
Linux is Not a Community Project, It's a Wall Street Product
The core goal should be freedom
Bad Actors Abusing the Free Software Community, Vandalising It Using Rogue Politics and Old Tactics
Oil giants have long attempted to do this; now, the digital equivalent of Big Oil does this in technology
Social Control Media Isn't the Future, The Federation or Fediverse Isn't Growing, People's Accounts Vanish for Good
users' accounts will get deleted, not just become inactive
IBM is Failing, This Helps Show Wall Street is Entirely Detached From Actual Commercial Performance
IBM is unable to grow, it's just constantly shrinking
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 30, 2025
IRC logs for Tuesday, September 30, 2025
Clerical Aspects of Publishing and Development
In Free software, the management aspects are considerably reduced
Slopwatch: Fake Articles and Google News Promoting "Linux" Spam or Bot-Generated Fear, Uncertainty, Doubt (FUD)
These slopfarms help misplace blame
Third Wave of Microsoft Layoffs in September, This Time Many in Liverpool Affected
Be ready for more waves of layoffs ahead of the so-called "results" in late October