Bonum Certa Men Certa

EPO and Microsoft Collude to Break the Law -- Part I (Start of Series): Enter the “Cloud of Unknowing…”

Previous parts:



Clown of the unknowing
According to Thomas Petri, Bavarian Data Protection Commissioner "nobody is really in charge" when it comes to data protection matters at the EPO



Summary: The first part of an important series; historically, EPO has always sent out aggressive lawyers to issue threats when we exposed EPO-Microsoft collusion

THIS Part I isn't the same as the introduction to Part I. This is the body of the long story, which will be told responsibly and prudently for the coming fortnight, several times per day. Without further ado, and in spite of suppression attempts, we start this series.






Back in June 2015, it was reported that the Bavarian Data Protection Commissioner, Dr Thomas Petri, and the Federal German Data Protection Commissioner, Andrea Vosshoff, had raised serious concerns about the state of data protection at the EPO.

According to the German press, Dr Petri had previously investigated the data protection framework at the EPO in the spring of 2014 following a complaint and he had come to the conclusion that it was seriously deficient.

Referring to the lack of any genuine independent oversight in data protection matters, Dr Petri stated: "It emerged that nobody was really in charge".

"An optimist might like to believe that things have surely improved since then. Unfortunately there is no evidence of this."He called for an external data protection supervisor to be assigned to the EPO because the internal inspectors were not independent enough and "in the absence of any action matters are likely to get out of hand".

An optimist might like to believe that things have surely improved since then. Unfortunately there is no evidence of this.

In the meantime the EPO seems to have just muddled along relying on its traditional "three monkeys" approach to "rebutting" external criticism of its data protection framework.

3 monkeys
The EPO's approach to "rebutting" criticism of its data protection framework: See no evil – hear no evil – speak no evil



For example, when the EU General Data Protection Regulation (GDPR) came into effect in May 2018 during the final days of the Benoît Battistelli régime, the EPO's response was to issue a self-serving communiqué (warning: epo.org link) proclaiming its commitment to "ensuring the highest level of data protection" and announcing that "a recent audit report has confirmed a close alignment with the GDPR legal framework".

"The reader is expected to take the EPO's claim at face value despite the fact that it is scarcely credible that an independent external audit could have arrived at such a conclusion."Of course no substantive information about the "recent audit report" was provided.

The reader is expected to take the EPO's claim at face value despite the fact that it is scarcely credible that an independent external audit could have arrived at such a conclusion.

If Dr Petri was of the considered opinion that the EPO's data protection framework was deficient when measured against pre-GDPR data protection standards, then it's difficult to see how the same framework which hadn't changed in the meantime could be considered meet the even more stringent data protection standards imposed by GDPR.

As a matter of fact, a report commissioned by the EPO staff union SUEPO from external legal experts in 2016 confirmed that the EPO's data protection framework was not compliant with EU data protection standards and was in urgent need of a radical overhaul.

But it's necessary to understand that we are dealing here with the logic of the "système Battistelli".

"Perish the thought that someone could be so impudent as to call for an independent audit…"If Battistelli insists that the EPO's data protection framework is GDPR-compliant, well then it has to be. Anybody who dares to question that claim had better watch out! Perish the thought that someone could be so impudent as to call for an independent audit…

And it would be a grave mistake to think that things have improved on this front following Battistelli's departure.

More recently in September 2020, the EPO published a notice on the topic of "Data privacy policy for the processing of personal data in Microsoft 365".

Once again the reader is assured:

"The protection of your privacy is of the utmost importance to the European Patent Office (EPO). We are committed to respecting and protecting your personal data and ensuring your rights as a data subject. All data of a personal nature (i.e. data that can identify you directly or indirectly) will be processed fairly, lawfully and with due care."

For good measure the well-rehearsed schtick about GDPR-compliance is trotted out:

"We strive to keep our data protection framework in line with current best practices. A recent audit report has confirmed that it is in close alignment with the EU’s General Data Protection Regulation (GDPR)."

But where is this mysterious "recent audit report"?

Is it the same one that Battistelli referred to over two years previously back in May 2018?

"But where is this mysterious "recent audit report"?"Of course you're not supposed to ask and if you have the temerity to do so, then you'd better not hold your breath waiting for an answer.

But when you peel away the PR façade, what the public notice of September 2020 does provide in terms of factual evidence is an irrefutable indication of the increasing reliance of the EPO on cloud computing services hosted by Microsoft.

In the next part we will see how this was confirmed by a recent internal communiqué from EPO Vice-President Steve Rowan (warning: epo.org link), formerly Director of Patents, Trade Marks, Designs and Tribunals at the UKIPO.

Recent Techrights' Posts

EPO Staff Explains Why It Cannot Issue EPC-Compliant European Patents (in Other Words, Why Many Fake Patents Get Issued)
chaos inside
 
Chris Rutter, Winchester College, Clare College choir, Arm Ltd, underage workers & Debian accidental deaths
Reprinted with permission from Daniel Pocock
Gemini Links 25/02/2024: Blocking Crawlers and Moving to gemserv
Links for the day
IRC Proceedings: Saturday, February 24, 2024
IRC logs for Saturday, February 24, 2024
Over at Tux Machines...
GNU/Linux news for the past day
[Meme] Objective Objection at the EPO
No more quality control
Links 24/02/2024: More Sanctions Against BRICS, Software Patents Squashed
Links for the day
Microsoft's Demise on the Server Side Continues Unabated This Month
Netcraft says so
Bonnie B. Dalzell Explains Her Experience With Richard Stallman
new essay
Gemini Links 24/02/2024: OpenBSD Advocacy and Nonfree Firmware Debated
Links for the day
Mark Shuttleworth & Debian Day Volunteer Suicide cover-up
Reprinted with permission from Daniel Pocock
IRC Proceedings: Friday, February 23, 2024
IRC logs for Friday, February 23, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Links 24/02/2024: EA Planning Layoffs and 'Liquor Regulators Are Seeking Revenge on Bars That Broke Pandemic Rules'
Links for the day
Gemini Links 24/02/2024: In Defense of Boilerplate and TinyWM Broke
Links for the day
Microsoft's Pearls of Wisdom: Layoffs Are Growth
Microsoft boss: layoffs are "long-term growth."
[Meme] Hide the Bodies
hiding EPO's role in funding Lukashenko
Josef Kratochvíl and All the European Patent Organisation's Chiefs (at the Administrative Council Too) Notified That Over 1,000 Members of Staff Demand Action on Patent Quality and Compliance (Industry Too is Alarmed That Many Invalid Patents Get Granted)
Huge corruption
Microsoft Lacks a Solid Strategic Plan Other Than Buying Its Own Stock (and Paying Staff in Shares)
Beware and be cautious of bubbles
Debian trademark canceled
Debian trademark canceled
Links 23/02/2024: Feed Aggregator and 2 Years of Invasion, Alexei Navalny’s Mother Blackmailed
Links for the day
Gemini Links 23/02/2024: Getting 'Sick' of Modern Tech and Deletion of One's Reddit Account
Links for the day
Links 23/02/2024: 227 Microsoft Layoffs Noted in Santa Clara and Disaster in Rivian
Links for the day
IRC Proceedings: Thursday, February 22, 2024
IRC logs for Thursday, February 22, 2024
Over at Tux Machines...
GNU/Linux news for the past day