Bonum Certa Men Certa
Links 17/4/2021: Linux 5.13 in Sight, Holland Warming up to Free Software | Renata Avila: Trying to Understand the Lynching of Stallman

Breaking News: EDPS Admits That It is Powerless to Investigate Claims of GDPR Non-compliance at the EPO

Nothing says 'European data protection' like outsourcing communications to an American surveillance firm



Summary: Nobody is truly in charge at the EDPS (and in Europe at large); they say EPO is "company" and all one can do is kindly ask the EPO itself to obey the law and stop outsourcing European data to American military contractors

Back in March, Techrights started publishing its exposé about the EPO's sell-out of its digital sovereignty to Microsoft.



At around the same time this matter was brought to the attention of the European Data Protection Supervisor (EDPS).

"Its primary objective is to ensure that European institutions and bodies respect the right to privacy and data protection when they process personal data and develop new policies."The EDPS is an independent supervisory authority established by the European Union. Its primary objective is to ensure that European institutions and bodies respect the right to privacy and data protection when they process personal data and develop new policies.

You might have thought that the EDPS would be interested to learn about the alleged GDPR non-compliance at an intergovernmental institution which processes large amounts of personal data relating to EU citizens. You might even have expected them to carry out some kind of independent investigation like the Bavarian Data Protection Commissioner did back in 2015.

But sadly it turns out to be another case of "Not My Department".

"You might have thought that the EDPS would be interested to learn about the alleged GDPR non-compliance at an intergovernmental institution which processes large amounts of personal data relating to EU citizens."In its response to the complaint filed about the EPO, the EDPS has now stated that it is powerless to investigate claims of GDPR non-compliance at the second largest European intergovernmental institution.

Instead it suggests to the complainants that they "could contact EPO directly [...] by sending an email to DPO@epo.org".

The EDPS adds: "You can find this information in the company's Privacy Policy, available here: EPO - Data protection & privacy." (warning: epo.org link)

So as far as the EDPS is concerned, the EPO is a "company" rather than a public intergovernmental institution?

"So as far as the EDPS is concerned, the EPO is a "company" rather than a public intergovernmental institution?"Surely this is beyond a joke...

If EU citizens have a problem with the EPO's failure to comply with GDPR, the only available solution is to complain to the EPO?

And that is going to fix things?

Sounds like somebody in Brussels needs a reality check... URGENTLY!!!

Here's the text of the letter:

Our ref.: ⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆



From: European Data Protection Supervisor

To: ⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆

Date: Friday, April 16, 2021

Dear ⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆⬆

We are writing in response to your complaint submitted to the European Data Protection Supervisor (EDPS) on 11 March 2021.

We would like to point out that the EDPS is the independent authority of the European Union (EU) that deals with the supervision of the processing of personal data done by EU institutions and bodies[1]. In this sense, our tasks are similar to the tasks of national data protection authorities in the EU Member States, but apply only at the level of the European Union and its institutions[2].

We have analysed the matter raised in your message, and it appears that your request does not relate to the processing of personal data by EU institutions or bodies.

The EDPS has no supervisory competence over other international organisations. In consequence, we regret to inform you that your complaint, regardless its possible merits, falls outside the jurisdiction of the EDPS and we therefore do not have any authority to investigate it.

Please be informed that the seat agreements that the international organisations have with their host states usually grant them certain privileges and immunities. These often exclude the application of national law to the international organisation and therefore, the national data protection authority (DPA) of its host state may not be able to assist you either.

However, please be advised that you could contact EPO directly regarding your complaint by sending an email to DPO@epo.org. You can find this information in the company's Privacy Policy, available here: EPO - Data protection & privacy.

Yours sincerely,



EDPS Secretariat

| Tel. (+32) 228 31900 | Fax +32(0)22831950 | › Email edps@edps.europa.eu European Data Protection Supervisor Postal address: Rue Wiertz 60, B-1047 Brussels Office address: Rue Montoyer 30, B-1000 Brussels @EU_EDPS www.edps.europa.eu

This email (and any attachment) may contain information that is internal or confidential. Unauthorised access, use or other processing is not permitted. If you are not the intended recipient please inform the sender by reply and then delete all copies. Emails are not secure as they can be intercepted, amended, and infected with viruses. The EDPS therefore cannot guarantee the security of correspondence by email.

[1] According to Regulation (EU) 2018/1725 (see https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32018R1725 '... the European Data Protection Supervisor, shall monitor the application of the provisions of this Regulation to all processing operations carried out by a Union institution or body...' (see Article 1(3)). According to Article 3(10), the ‘Union institutions and bodies’ are the Union institutions, bodies, offices and agencies set up by, or on the basis of, the TEU, the TFEU or the Euratom Treaty (see http://europa.eu/about-eu/institutions-bodies/index_en.htm for a full list).

2 For example, like national data protection authorities we also provide advice to the legislator on new legislative proposals and on initiatives having an impact on data protection and privacy.



Data Protection Notice

According to Articles 15 and 16 of Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, please be informed that your personal data will be processed by the EDPS, where proportionate and necessary, for the purpose of investigating your complaint. The legal basis for this processing operation is Article 57(1)(e) of Regulation (EU) 2018/1725. The data processed will have been submitted by you, or from other sources during the inquiry of your complaint, and this may include sensitive data. Your data will only be transferred to other EU institutions and bodies or to third parties when it is necessary to ensure the appropriate investigation or follow up of your complaint. Your data will be stored by the EDPS in electronic and paper files for up to ten years (five years for prima facie inadmissible complaints) after the case closure, unless legal proceedings require us to keep them for a longer period. You have the right to access your personal data held by the EDPS and to obtain the rectification thereof, if necessary. Any such request should be addressed to the EDPS at edps@edps.europa.eu. Your data might be transferred to other EU institutions and bodies or to any third parties only where necessary to ensure the appropriate handling of your request. You may also contact the data protection officer of the EDPS (EDPS-DPO@edps.europa.eu), if you have any remarks or complaints regarding the way we process your personal data. You can find the full version of our data protection notice on complaint handling at: https://edps.europa.eu/data-protection/our-role-supervisor/complaints-handling-data-protection-notice_en.

___________________________ [1] According to Regulation (EU) 2018/1725 (see https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32018R1725 '... the European Data Protection Supervisor, shall monitor the application of the provisions of this Regulation to all processing operations carried out by a Community institution or body...' (see Article 1(2)). According to paragraph 1 of the same article, the ‘Community institutions or bodies’ are the institutions and bodies set up by, or on the basis of, the Treaties establishing the European Communities (see http://europa.eu/about- eu/institutions-bodies/index_en.htm for a full list). [2] For example, like national data protection authorities we also provide advice to the legislator on new legislative proposals and on initiatives having an impact on data protection and privacy.


Notice the mistakes with the footnotes, the repetition, the odd formatting etc. A rushed job? Did they properly investigate the complaint at all? Or did they look for excuses to dismiss it upfront? Did they use a template that refers to the subject as "company" or do they seriously think EPO is now a for-profit corporation? And if so, are corporations above the law and above the state? Here's the original [PDF] FWIW.

Links 17/4/2021: Linux 5.13 in Sight, Holland Warming up to Free Software | Renata Avila: Trying to Understand the Lynching of Stallman

Recent Techrights' Posts

IBM CEO Says IBM is Just Reliant on Buzzwords That Are Overhyped
IBM has nothing to show anymore and telling fairytales to shareholders is a temporary 'fix'
The "Alicante Mafia" - Part XI - No Comment From Steve Rowan, Niloofar Simon, and Christoph Ernst About Cocaine Inside EPO
What kind of patent office is this?
Giving a Voice to the Community (Even When It's Inconvenient or 'Scary')
Once upon a time we were threatened with deplatforming for merely reposting articles by Daniel Pocock; we no longer have this problem
 
Fake IBM Retirements (IBM Gives Older Workers Ultimatums, Deadlines, and Carrots on Sticks)
As they point out, IBM is desperate to lower costs
Linuxiac is Basically a Fake News Site, But It's Being Fed by Google News
Because Google News is run by Google, a slop pusher
Links 25/01/2026: Slop "Tribalism", Nike Apparently Cracked
Links for the day
Claims That PIPs Are Abused for Silent Mass Layoffs at IBM (Without Severance) or Forced Retirements
Performance Improvement Plans (PIPs) "clearly bogus as everyone on my team who has been on one has been fired"
WebM Version of Richard Stallman's Latest Talk (Georgia Tech Talk)
The file size is smaller
After Half a Decade Vista 11 is Still a Giant Failure
Don't expect Microsoft to gain a foothold
Details on IBM Layoffs in the EU Last Week, Same Allegedly Coming to the US Shortly
"Around 50 people affected in Belgium."
Technology Trends Driven by DRM Giants, Planned Obsolescence, Not the Needs of the Buyers
The "pushers" think of customers as "users"; and they encourage passivity, Stockholm Syndrome
Links 25/01/2026: Microsoft BitLocker Backdoored for Decades Already, Microsoft-Backed ICE Still Murders Civilians
Links for the day
Gemini Links 25/01/2026: "Expert in a Dying Field" and Global Commands
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, January 24, 2026
IRC logs for Saturday, January 24, 2026
After the Slop Bubble
At the end, looking back, we'll all generally understand that the net effort of slop was environmental destruction
Projection of Fanatic From Microsoft
Microsoft Lunduke is pandering to the 4Chan 'crowd'
Digg.com (Digg) is a Censorship Platform, Just Another Social Control Media/Network, Controlled by the Few
We are not going to bother with any social control media
Spam, Slop, and Fake 'Articles' Regarding "Linux"
Serial Sloppers like these are harming real reporting about Linux and GNU
Rape investigation dropped: Will Fowles & ALP transgender deception
Reprinted with permission from Daniel Pocock
Diversity, Grooming & Debian transgender Zero
Reprinted with permission from Daniel Pocock
Pauline / Maria / Alice Climent(-Pommeret) & Debian transgender offensive cybersecurity deception
Reprinted with permission from Daniel Pocock
Did judge with transgender sister & Debian conflict of interest help cover-up a death?
Reprinted with permission from Daniel Pocock
Links 24/01/2026: CBS News Demolished From the Inside and Many Publishers Admit Layoffs
Links for the day
Gemini Links 24/01/2026: Dreams and Raspberry Pi Zero 2W
Links for the day
Richard Stallman's First Talk in US College Since 2018: Videos and Photos
There are some backstories
Judge Richard Oulevey (Grandcour Choeur, Tribunal Vaud) & Debian shaming abuse victims and witnesses
Reprinted with permission from Daniel Pocock
Judgment: French army vanquishes German FSFE on Hitler's birthday, Microsoft contract dispute (1716711)
Reprinted with permission from Daniel Pocock
EDPB/CNIL privacy expert Amandine Jambert (cryptie, FSFE) implicitly admitted lying about harassment when she resigned admitting conflict of interest
Reprinted with permission from Daniel Pocock
Links 24/01/2026: TikTok Controlled by Alt Reich in US Now, White House Shares Fake, Manipulated, Misleading Images Already
Links for the day
Projection Tactics - Part IV: SLAPP by Americans Against Techrights (UK) to Hide Serious Abuses Against American Women
"PRs need to stop being complicit in suppression of information via SLAPPs"
Dirty Laundry at Debian and Elsewhere
We cannot just brush aside real issues involving real people and their families
Illegal, Unconstitutional Kangaroo Court for Patents Drops the Masks, Shows Its Real Purpose is to Serve Multinational Monopolists and Crush European SMEs
Europe (or the EU) is rapidly becoming a corporate project, not a unified governance initiative
The "Alicante Mafia" - Part X - EPO Strikes to Begin Next Week
Things gradually escalate this month
Gemini Links 24/01/2026: Snow, Boxing, and Lisp is Fun
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, January 23, 2026
IRC logs for Friday, January 23, 2026
Senior management and HR email privacy: Martin Ebnoether (venty), Axel Beckert (xtaran) & Debian abuse in Switzerland
Reprinted with permission from Daniel Pocock
Pierre-Elliott Bécue, ANSSI & Debian cybertorture
Reprinted with permission from Daniel Pocock
MJ Ray, Micah Anderson & Debian on drugs, prostitution at DebConf6 fight
Reprinted with permission from Daniel Pocock
Excellence in Ethics: a list of victories for the truth
Reprinted with permission from Daniel Pocock
Richard Stallman Giving Public Talk, Answering Questions From the Audience
We understand (from the organisers) that there will be a video of the talk
Forbes Covers in 2026 What Was Already Clear for Over a Decade: Microsoft's BitLocker 'Encryption' is a Back Door
One that's promoted by the loudest boosters of UEFI 'secure boot' as well
The Grapevine Says IBM's American RAs (Mass Layoffs) Soon to Follow European RAs, PIPs and "Reviews" as Pretext for a Likely Baseless Dismissal
The days of honourable corporations and work ethics are long gone it seems...
Links 23/01/2026: Minus 24 deg C in South Korea, "Iran Internet Blackout Passes Two-Week Mark"
Links for the day
Gemini Links 23/01/2026: "Witch Watch" and English on the Net
Links for the day
Reminder That "Linux" in the Site's Name (and Domain) Does Not Imply Authentic Journalism About GNU/Linux
the sad fact that some once-legitimate sites became slopfarms
Further Comments Illuminate Observations Regarding IBM's Layoffs (RAs) Plan for Europe
Some shed light on the expected scale
Links 23/01/2026: Growing Censorship, Intel Falls (Another Bubble, Propped Up by Cheeto Bailout), and Huge GAFAM Layoffs Continue
Links for the day
Working for Freedom Makes You a Target
it's not about what you do but about who gets served
Appeasing Bullies Doesn't Work
The reason we're still here and very active is that we're good at what we do
Claim That IBM Mass Layoffs Began Again in Europe, With Rumours It'll Close Offices
Unless IBM issues a statement (admission) to the media or issues WARN notices (in the US), the lousy media will simply assume - however wrongly - that nothing is happening and there's nothing to report
How Microsoft Will Tell Shareholders That the Business is Failing in a Few Days
It'll resort to "AI" storytelling (lying about slop having potential for some unspecified future year)
Flying to See Today's Talk by Richard Stallman
It's probably not too late to reserve a seat for today's talk
The Fall of Freenode Didn't Kill IRC and the Web's Issues (Not Limited to LLM Slop) Didn't Kill Everything
As long as there are enough people willing to keep the simple (or "old") stuff it'll refuse to die
GAFAM Layoffs by Performance Improvement Plans (PIPs) Hide the Real Scale of Their Financial Troubles
the "official" numbers of layoffs will never tell the true story
'Domesticated' Animals Not More Valuable Than Free-range Wildlife, Proprietary ('Commercial') Software Isn't Better Than Free Software
the proprietary software giants (companies like SAP or Microsoft) have a lot of lobbyists
The "Alicante Mafia" - Part IX - EPO Budget Funnelled Into Cocaine and Moreover Rewards Cocaine-Addicted Management for Getting Busted by Police
Any day that passes without European media and European politicians doing anything about it merely discredits the media and the EU (or national governments)
Richard Stallman Won't Talk About "AI", He'll Talk About Chatbots and LLMs Lacking Any Intelligence
This really irritates people who dislike the message; so they attack the person
Slopfarms Still Fed by Google, Boosting Fake 'Articles' That Pretend to Cover "Linux"
At this point about 80-90% of the search results appear not to be slopfarms
Gemini Links 23/01/2026: The Danish Approach to Deepfakes and Random vi Things
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, January 22, 2026
IRC logs for Thursday, January 22, 2026