04.17.21

Gemini version available ♊︎

Breaking News: EDPS Admits That It is Powerless to Investigate Claims of GDPR Non-compliance at the EPO

Posted in Deception, Europe, Microsoft, Patents at 1:06 pm by Guest Editorial Team

Nothing says 'European data protection' like outsourcing communications to an American surveillance firm

Summary: Nobody is truly in charge at the EDPS (and in Europe at large); they say EPO is “company” and all one can do is kindly ask the EPO itself to obey the law and stop outsourcing European data to American military contractors

Back in March, Techrights started publishing its exposé about the EPO's sell-out of its digital sovereignty to Microsoft.

At around the same time this matter was brought to the attention of the European Data Protection Supervisor (EDPS).

“Its primary objective is to ensure that European institutions and bodies respect the right to privacy and data protection when they process personal data and develop new policies.”The EDPS is an independent supervisory authority established by the European Union. Its primary objective is to ensure that European institutions and bodies respect the right to privacy and data protection when they process personal data and develop new policies.

You might have thought that the EDPS would be interested to learn about the alleged GDPR non-compliance at an intergovernmental institution which processes large amounts of personal data relating to EU citizens. You might even have expected them to carry out some kind of independent investigation like the Bavarian Data Protection Commissioner did back in 2015.

But sadly it turns out to be another case of “Not My Department”.

“You might have thought that the EDPS would be interested to learn about the alleged GDPR non-compliance at an intergovernmental institution which processes large amounts of personal data relating to EU citizens.”In its response to the complaint filed about the EPO, the EDPS has now stated that it is powerless to investigate claims of GDPR non-compliance at the second largest European intergovernmental institution.

Instead it suggests to the complainants that they “could contact EPO directly [...] by sending an email to DPO@epo.org”.

The EDPS adds: “You can find this information in the company’s Privacy Policy, available here: EPO – Data protection & privacy.” (warning: epo.org link)

So as far as the EDPS is concerned, the EPO is a “company” rather than a public intergovernmental institution?

“So as far as the EDPS is concerned, the EPO is a “company” rather than a public intergovernmental institution?”Surely this is beyond a joke…

If EU citizens have a problem with the EPO’s failure to comply with GDPR, the only available solution is to complain to the EPO?

And that is going to fix things?

Sounds like somebody in Brussels needs a reality check… URGENTLY!!!

Here’s the text of the letter:

Our ref.: ██████████████

From: European Data Protection Supervisor

To: █████████████████

Date: Friday, April 16, 2021

Dear ███████████████

We are writing in response to your complaint submitted to the European Data Protection Supervisor (EDPS) on 11 March 2021.

We would like to point out that the EDPS is the independent authority of the European Union (EU) that deals with the supervision of the processing of personal data done by EU institutions and bodies[1]. In this sense, our tasks are similar to the tasks of national data protection authorities in the EU Member States, but apply only at the level of the European Union and its institutions[2].

We have analysed the matter raised in your message, and it appears that your request does not relate to the processing of personal data by EU institutions or bodies.

The EDPS has no supervisory competence over other international organisations. In consequence, we regret to inform you that your complaint, regardless its possible merits, falls outside the jurisdiction of the EDPS and we therefore do not have any authority to investigate it.

Please be informed that the seat agreements that the international organisations have with their host states usually grant them certain privileges and immunities. These often exclude the application of national law to the international organisation and therefore, the national data protection authority (DPA) of its host state may not be able to assist you either.

However, please be advised that you could contact EPO directly regarding your complaint by sending an email to DPO@epo.org. You can find this information in the company’s Privacy Policy, available here: EPO – Data protection & privacy.

Yours sincerely,

EDPS Secretariat

| Tel. (+32) 228 31900 | Fax +32(0)22831950 | ›
Email edps@edps.europa.eu
European Data Protection Supervisor
Postal address: Rue Wiertz 60, B-1047 Brussels
Office address: Rue Montoyer 30, B-1000 Brussels
@EU_EDPS www.edps.europa.eu

This email (and any attachment) may contain information that is internal or confidential. Unauthorised access, use or other processing is not permitted. If you are not the intended recipient please inform the sender by reply and then delete all copies. Emails are not secure as they can be intercepted, amended, and infected with viruses. The EDPS therefore cannot guarantee the security of correspondence by email.

[1] According to Regulation (EU) 2018/1725 (see https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32018R1725 ‘… the European Data Protection Supervisor, shall monitor the application of the provisions of this Regulation to all processing operations carried out by a Union institution or body…’ (see Article 1(3)). According to Article 3(10), the ‘Union institutions and bodies’ are the Union institutions, bodies, offices and agencies set up by, or on the basis of, the TEU, the TFEU or the Euratom Treaty (see http://europa.eu/about-eu/institutions-bodies/index_en.htm for a full list).

2 For example, like national data protection authorities we also provide advice to the legislator on new legislative proposals and on initiatives having an impact on data protection and privacy.

Data Protection Notice

According to Articles 15 and 16 of Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, please be informed that your personal data will be processed by the EDPS, where proportionate and necessary, for the purpose of investigating your complaint. The legal basis for this processing operation is Article 57(1)(e) of Regulation (EU) 2018/1725. The data processed will have been submitted by you, or from other sources during the inquiry of your complaint, and this may include sensitive data. Your data will only be transferred to other EU institutions and bodies or to third parties when it is necessary to ensure the appropriate investigation or follow up of your complaint. Your data will be stored by the EDPS in electronic and paper files for up to ten years (five years for prima facie inadmissible complaints) after the case closure, unless legal proceedings require us to keep them for a longer period. You have the right to access your personal data held by the EDPS and to obtain the rectification thereof, if necessary. Any such request should be addressed to the EDPS at edps@edps.europa.eu. Your data might be transferred to other EU institutions and bodies or to any third parties only where necessary to ensure the appropriate handling of your request. You may also contact the data protection officer of the EDPS (EDPS-DPO@edps.europa.eu), if you have any remarks or complaints regarding the way we process your personal data. You can find the full version of our data protection notice on complaint handling at: https://edps.europa.eu/data-protection/our-role-supervisor/complaints-handling-data-protection-notice_en.

___________________________
[1] According to Regulation (EU) 2018/1725 (see https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32018R1725 ‘… the European Data Protection Supervisor, shall monitor the application of the provisions of this Regulation to all processing operations carried out by a Community institution or body…’ (see Article 1(2)). According to paragraph 1 of the same article, the ‘Community institutions or bodies’ are the institutions and bodies set up by, or on the basis of, the Treaties establishing the European Communities (see http://europa.eu/about-
eu/institutions-bodies/index_en.htm for a full list).
[2] For example, like national data protection authorities we also provide advice to the legislator on new legislative proposals and on initiatives having an impact on data protection and privacy.

Notice the mistakes with the footnotes, the repetition, the odd formatting etc. A rushed job? Did they properly investigate the complaint at all? Or did they look for excuses to dismiss it upfront? Did they use a template that refers to the subject as “company” or do they seriously think EPO is now a for-profit corporation? And if so, are corporations above the law and above the state? Here’s the original [PDF] FWIW.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New

  1. IRC Proceedings: Wednesday, October 27, 2021

    IRC logs for Wednesday, October 27, 2021

  2. [Meme] False Choices and False Dichotomy Designed for Self-Harm

    The self-serving EPO surveys, which Benoît Battistelli and António Campinos design to justify their own policies, have severe flaws in them

  3. Links 27/10/2021: XOrg Server 21.1 and Makulu Shift Ubuntu Variant Released

    Links for the day

  4. Links 27/10/2021: Murena for /e/ and Red Hat Condemned for Its Nationalism/Racism

    Links for the day

  5. [Meme] EPO Presidential Surveys

    The 'social democracy' of Benoît Battistelli and António Campinos as demonstrated by a controlled survey (controlled by the subject of the survey, EPO governance)

  6. 'Shaping the New Normal' Survey at the EPO Got 5,554 EPO Staff to Participate, But It Was Controlled by Liars With an Agenda

    Last year’s EPO ‘study’ (hogwash about “quality” and other unscientific junk) was likely biased by virtue of autocrats controlling it and exploiting it for nefarious agenda and brainwashing of national delegates. The Staff Union of the EPO (SUEPO) has a new survey in the making.

  7. Many of the National Delegations (or Delegates) in the EPO's Administrative Council Have No Understanding of What They Vote on

    One must consider the possibility that ignorance or gullibility (which lack of qualifications may entail) possibly became a contributing factor — malice and bribery aside — in systemic failure of the EPO’s governance

  8. The EPO’s Overseer/Overseen Collusion — Part XXV: The Balkan League - Fresh Blood or Same Old, Same Old?

    We take stock of "captured states" that voted in favour of unlawful "Strike Regulations"

  9. IRC Proceedings: Tuesday, October 26, 2021

    IRC logs for Tuesday, October 26, 2021

  10. Beatriz Busaniche Speaks Up in Defense of Richard Stallman

    Beatriz Busaniche sent us this comment in July 2021. She wrote it originally in Spanish. Here are both the original text and our translation to English.

  11. Links 26/10/2021: SUSE Linux Enterprise Micro 5.1 and Multi-Distro Benchmarks

    Links for the day

  12. Links 26/10/2021: Vulkan 1.1 Conformance for Raspberry Pi 4 and Tor Browser 10.5.10

    Links for the day

  13. [Meme] Sounds Legit

    When not cheating on the wife, the EPO‘s “doyen” cheats in the exams and makes it into the epi Council, in effect working “[t]owards a common understanding [sic] of quality” with “patent attorneys nominated as “assessors” by the EPO, epi and BusinessEurope” (notorious lobbyists for dictators, litigation, and monopolies, neither business nor science)

  14. [Meme] Mayoral Patent Office Chief

    As it turns out, political 'double-dipping' isn't just a thing in North Macedonia, Austria, and EPOnia

  15. Romania's Patent Office (OSIM): Nine Different Chiefs in Just Eight Years

    The Romanian State Office for Inventions and Trademarks (OSIM), being the equivalent of the U.S. Patent and Trademark Office (USPTO) in the sense that it covers both patents and trademarks, is a very flaky institution with no shortage of scandals; for our English-reading audiences we now have a summary of a decade’s worth of blunders and leadership changes

  16. The EPO’s Overseer/Overseen Collusion — Part XXIV: The Balkan League - Romania

    Romania’s patent office has been in flux this past decade, occasionally led by people with no relevant experience, but rather political connections (like EPO President António Campinos) and sometimes forged documents and fake degrees

  17. IRC Proceedings: Monday, October 25, 2021

    IRC logs for Monday, October 25, 2021

  18. [Meme] “Social Democracy” at the EPO

    Some comments on the current situation at the European Patent Office from Goran Gerasimovski, the new EPO Administrative Council delegate for North Macedonia and Social Democratic candidate for mayor of Centar (a municipality of Skopje)

  19. [Meme] António Campinos Visits the OSIM

    António Campinos visits OSIM Director-General Ionel Muscalu in February 2014

  20. [Meme] [Teaser] Meet the President

    Later today we shall see what Romania did for Battistelli

  21. Links 26/10/2021: Latte Dock 0.10.3 and Linux 5.15 RC7

    Links for the day

  22. Gemini Protocol's Originator: “I Continue to Care About This Project and I Care About the Community That Has Formed Around It.”

    'Solderpunk' is back from a long hiatus; this bodes well for Geminispace, which grew fast in spite of the conspicuous absence

  23. Bulgarian Like Bavarian Serfdom

    Bulgarian politics seem to have played a big role in selecting chiefs and delegates who backed Benoît Battistelli‘s unlawful proposals, which treat workers almost like slaves and ordinary citizens as disposable ‘collaterals’

  24. The EPO’s Overseer/Overseen Collusion — Part XXIII: The Balkan League - Bulgaria

    Today we examine the role of Bulgaria in Benoît Battistelli‘s liberticidal regime at the EPO (as well as under António Campinos, from 2018 to present) with particular focus on political machinations

  25. Links 25/10/2021: New Slackware64-current and a Look at Ubuntu Budgie

    Links for the day

  26. Links 25/10/2021: pg_statement_rollback 1.3 and Lots of Patent Catchup

    Links for the day

  27. Microsoft GitHub Exposé — Part III — A Story of Plagiarism and Likely Securities Fraud

    Today we tread slowly and take another step ahead, revealing the nature of only some among many problems that GitHub and Microsoft are hiding from the general public (to the point of spiking media reports)

  28. [Meme] [Teaser] Oligarchs-Controlled Patent Offices With Media Connections That Cover Up Corruption

    As we shall see later today, the ‘underworld’ in Bulgaria played a role or pulled the strings of politically-appointed administrators who guarded Benoît Battistelli‘s liberticidal regime at the EPO

  29. IRC Proceedings: Sunday, October 24, 2021

    IRC logs for Sunday, October 24, 2021

  30. Links 25/10/2021: EasyOS 3.1 and Bareflank 3.0

    Links for the day

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts