Bonum Certa Men Certa

EPOLeaks on Misleading the Bundestag -- Part 7: Ms Voßhoff Alerts the Bundestag…

Series index:

  1. The EPO Bundestagate -- Part 1: How the Bundestag Was (and Continues to be) Misled About EPO Affairs
  2. The EPO Bundestagate -- Part 2: Lack of Parliamentary Oversight, Many Questions and Few Answers…
  3. The EPO Bundestagate -- Part 3: A “Minor Interpellation” in the German Bundestag
  4. The EPO Bundestagate -- Part 4: Parroting the GDPR-Compliance Myth
  5. The EPO Bundestagate -- Part 5: The Federal Eagle's Disconcerting Metamorphosis
  6. EPOLeaks on Misleading the Bundestag -- Part 6: Dr Petri Starts the Ball Rolling…
  7. You are here ☞ Ms Voßhoff Alerts the Bundestag…


Federal Data Protection Commissioner



Summary: In July 2015, the Federal Data Protection Commissioner notified the Bundestag of her concerns

As is well known, the EPO made headlines in Germany in June 2015 following revelations about covert surveillance conducted by the Benoît Battistelli's notorious "Investigative Unit" which was reported to have deployed hidden cameras and key loggers in a manner that would have been illegal under EU and national data protection law in Germany.



Media reports about the EPO spy-scandal persuaded Ms Voßhoff to dust off the EPO file and renew her efforts to have this rogue organisation called to account by the Federal German authorities.

"Media reports about the EPO spy-scandal persuaded Ms Voßhoff to dust off the EPO file and renew her efforts to have this rogue organisation called to account by the Federal German authorities."In July 2015, Ms Voßhoff proceeded to write to Ms Renate Kunast, the Chairperson of the Legal Affairs Committee of the German Federal Parliament (the "Bundestag") to bring her concerns to the attention of German parliamentarians.

The text of Ms Voßhoff's letter [PDF] reads as follows (in translation):

I was made aware of the issue of the lack of independent external data protection supervision of the European Patent Office (EPO) by the Bavarian State Commissioner for Data Protection.

My efforts to improve data protection supervision at the EPO have so far been have so far been unsuccessful.

I would therefore like to draw the attention of the German Bundestag to the problem.

The European Patent Office is an organ of the European Patent Organisation (EPO) established by the European Patent Convention (EPC) and endowed with legal personality. It is therefore a supranational institution based on an international treaty with its headquarters in Munich and offices in The Hague, Berlin, Vienna and Brussels. Vienna and Brussels with about 6,800 employees. The contracting states are 38 European countries, including all EU member states.

The legal nature of the EPO means that there is no data protection supervision by an independent external body. Neither the Bavarian State Commissioner for Data Protection nor I can derive any competence from state or federal data protection law. The EPO is neither a public body of the State of Bavaria nor of the Federal Republic of Germany. The European Data Protection Supervisor is also ruled out as an independent supervisory body, as the EPO is neither an institution nor a body of the European Union.

Even if, according to the EPO's internal data protection officer, internal data protection regulations have been in place at the EPO since 1992, in particular based on the Data Protection Directive 95/46 EC, a lack of independent external data protection supervision is also taken as given from the EPO perspective.

In the interest of safeguarding the data protection rights of those affected, I have contacted the responsible Federal Ministry of Justice and Consumer Protection (BMJV) with the request to examine measures to close this supervisory and oversight gap, for example by means of a corresponding amendment to the EPC.

The BMJV has not yet taken up this suggestion. It refers to the necessity of a diplomatic conference of all 38 contracting states of the EPC for such an institutional reform of the EPC. This time-consuming procedure would not permit an amendment in the short term.

However, the Federal Ministry of Justice gives an assurance that it will continue to advocate, within the scope of its possibilities, compliance with and further development of high data protection standards and an independent data protection structure in its committee work within the EPO.

Although I have some understanding for the BMJV's position, the permanent absence of an independent external supervisory authority for data protection matters nevertheless poses a risk - that should not be underestimated - to the fundamental right to informational self-determination of the persons concerned given the processing of a large amount of personal data of applicants and staff at the EPO.

This risk is rendered apparent by a case that has now received press coverage. In an article dated 8 June 2015 (see attachment), the Süddeutsche Zeitung reported allegations that two publicly accessible computers at the EPO were placed under surveillance with so-called keyloggers and video cameras without the persons concerned being informed. Due to the current legal situation, no independent data protection supervisory authority can investigate these allegations.

Moreover, those potentially affected, in particular members of the Administrative Council, patent attorneys, employees and visitors to the EPO, lack any possibility of turning to an independent body capable of enforcing their rights to informational self-determination.

In view of the prevailing factual and legal situation, I would be grateful if the Legal Affairs Committee would address the issue in a supportive manner.



The Legal Affairs Committee of the Bundestag reacted to Ms Voßhoff's letter by placing the matter on its agenda for a meeting scheduled to take place in October 2015 [PDF].

It seemed that the Legal Affairs Committee was gearing up to investigate the worrying "supervisory and oversight gap" identified by Ms Voßhoff.

"As far as can be determined from the available evidence, the authors of this intrigue were the duplicitous Tweedledum and Tweedledee duo of the EPO‑Federal Justice Ministry nexus, Raimund Lutz and Christoph Ernst."However, as we shall see in due course, Ms Voßhoff's efforts to have the deficiencies in the EPO's data protection framework subjected to meaningful parliamentary scrutiny were derailed by what appears to have been a nefarious behind-the-scenes intrigue.

As far as can be determined from the available evidence, the authors of this intrigue were the duplicitous Tweedledum and Tweedledee duo of the EPO‑Federal Justice Ministry nexus, Raimund Lutz and Christoph Ernst.

Before delving into the details of the intrigue which derailed Ms Voßhoff's initiative, we will make a detour to look more closely at these two individuals and their respective roles in EPO affairs over the last two decades.

Recent Techrights' Posts

Certificate Authority Let's Encrypt Has Almost Gone Down to Zero, Nearly Totally Extinct in Geminispace, the Few Capsules Still Using It Are Spam/Dead/Stagnant
This represents another decrease for Let's Encrypt; the last decrease was last week
Trying to Silence Techrights Was a Huge Mistake
Peter Thiel attacked a publisher for asserting, correctly, that he was gay. Now everyone knows it.
 
Microsoft Windows Fell to 3.9% "Market Share" in Bahamas
Based on statCounter
How the European Union (EU) Fell Out of Love With Free/Libre Software
Lots of bribery
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, September 07, 2025
IRC logs for Sunday, September 07, 2025
Gemini Links 07/09/2025: Scanner, Slop, and Chadobear
Links for the day
The UEFI 9/11 is 3 Days Away
Nobody denies that bad things will happen
Google Versus Journalism
Google played a big role in the demise of news sites
Gemini Links 07/09/2025: Advertising, Decentralized Archival, and Outsourcing to Bezos
Links for the day
Not Much Left in News Cycles
To be very clear, this does not describe "Linux" anything; it's true in just about every facet of news, except the paid-for fake "journalism" about "hey hi" (sites getting paid explicitly to maintain or rekindle hype)
Throwing Away "Old" Computers (Mozilla and Other Climate Deniers)
Mozilla is not leftist
The UEFI 9/11 - Part VIII - Denial of Service and Selling Us WSL (Windows) Instead of "Risky" (Prone by Breakage by Microsoft) GNU/Linux
Restricted Boot (so-called 'SecureBoot') does not improve security. It is nothing but trouble. It's meant to trouble non-Windows users. In dual-boot setups, SecureBoot is a recipe for disaster because Microsoft keeps erasing or tampering with the boot sector, to paraphrase an associate
Slop is Extremely Rare in Geminispace, Slop Images Are Unheard Of (Despite Images Being Supported)
As long as Geminispace grows in terms of domains it's safe to predict the protocol will still be used in 2029 and hence Geminispace will turn 10
Links 07/09/2025: Robodebt Class Action, Fines, and Copyright Settlement
Links for the day
Links 07/09/2025: Yle Impersonated in Social Control Media, Boat-Attacking Orcas, Midjourney Sued Again
Links for the day
Slopwatch: LinuxSecurity, Linux Journal, and the Serial Slopper
Google won't tackle the issue because Google participates not only in relaying slop but also in generating lots of it
Links 07/09/2025: Google Fines in EU and "Your Internet Access Is at Risk"
Links for the day
Gemini Links 07/09/2025: Little Brother and Corporate Theatre
Links for the day
Links 07/09/2025: More Harms of Slop and Anthropic's Nightmare Scenario (Huge Legal Liabilities for Slop)
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, September 06, 2025
IRC logs for Saturday, September 06, 2025
Microsoft Sites Now Talking About September's Mass Layoffs at Microsoft
It's noteworthy that even Microsoft's MSN now covers the latest revelations about mass layoffs
Gemini Links 06/09/2025: SpellBinding Moving and "The Cloud" Ridiculed
Links for the day
Slopwatch: On "the Apology Industry", Chatbots (Punchbag for Customers), and Fake Articles About "Linux"
"news reporting priorities changed"
Links 06/09/2025: "Covid Incidence on the Rise" and Many Attacks on the Press Worldwide
Links for the day
The Register Bill
The Register MS - putting the "MS" in your centre of the universe
Analogies for "Memory Safety" in Rust
Don't worry, it's Rust! It can do anything!
Nobody Denies That SecureBoot Will Cause Problems After September 11
Not even Microsoft
Gemini Links 06/09/2025: Infinite Scrolling and Posting from Emacs
Links for the day
Links 06/09/2025: GitHub Meltdown Over Slop, "U.S. Jury Says Google Should Pay $425 Million in Privacy Lawsuit"
Links for the day
Despite Its Severe Financial Problems Gnome Foundation Inc Paid Rosanna Yuen Over 100,000 Dollars Last Year
maybe relocation should be considered
The "Left" and the Right"
It poisons everything
Mozilla and Rust Are Not Leftists
they're part of the mass consumerism machine
Disposable to Microsoft
There is an extensive set of people who got used by Microsoft, only to be thrown away a month later or a year later or a decade later
The UEFI 9/11 - Part VII - This Coming Week Many PCs Will Refuse to Boot "Linux" (Because of Microsoft's Expired Certificate)
The real solution is, disable "secure boot" or "SecureBoot" while it's still possible. [...] Just like submarine patents, a lot of this problem was "hibernating" for a while
The Thing Nobody in Red Hat Wants to Talk About Openly
There is a real sentiment or worry among Red Hatters, Europeans and Americans in particulars (because of higher salary expectations)
Slopwatch: Small Parade of Fake News About "Linux" and Scams Borrowing the Name (or Word) "Linux"
In practice, LLMs are a risk
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 05, 2025
IRC logs for Friday, September 05, 2025