Previous parts:

• EPO and Microsoft Collude to Break the Law -- Part I (Intro): A Fresh Data Protection Scandal Brewing at the EPO?
• EPO and Microsoft Collude to Break the Law -- Part I (Start of Series): Enter the “Cloud of Unknowing…”
• EPO and Microsoft Collude to Break the Law -- Part II: Steve Rowan Announces Microsoft “Outlook Migration”
• EPO and Microsoft Collude to Break the Law -- Part III: The PATRIOT Act and Mass Surveillance
• EPO and Microsoft Collude to Break the Law -- Part IV: The US CLOUD Act Passes Without Public Debate
• EPO and Microsoft Collude to Break the Law -- Part V: The EU GDPR
• EPO and Microsoft Collude to Break the Law -- Part VI: A Not-so-safe Harbour
• EPO and Microsoft Collude to Break the Law -- Part VII: Lipstick on a Pig…
• EPO and Microsoft Collude to Break the Law -- Part VIII: The Aftermath of Schrems II in Europe
• EPO and Microsoft Collude to Break the Law -- Part VIII Addendum
• EPO and Microsoft Collude to Break the Law -- Part IX: Know Your Vendor…
• EPO and Microsoft Collude to Break the Law -- Part X: The Spectre of GDPR…
• EPO and Microsoft Collude to Break the Law -- Part XI: Close Encounters With the Trust-busters…
• EPO and Microsoft Collude to Break the Law -- Part XII: Foreign Corrupt Practices, Bid Rigging and “Slush Funds”
• EPO and Microsoft Collude to Break the Law -- Part XII: Corruption Addendum
• EPO and Microsoft Collude to Break the Law -- Part XIII: A Global 'IP' Player
• YOU ARE HERE ☞ When is a Conflict of Interest Not a Conflict of Interest?

Summary: Could the EPO's increasing reliance on Microsoft involve a conflict of interest?

If Lewis Carroll's Humpty Dumpty had ever managed to visit the bizarre "Wonderland" of the EPO he might have been tempted to formulate a new riddle along the lines of: "When is a conflict of interest not a conflict of interest?"

"To begin with there is Microsoft's chequered history of data protection infractions, anti-trust violations and US FCPA investigations."The answer, it seems, is: "When it involves the EPO".

At any rate, this kind of paradoxical "logic" fits the bill when it comes to the EPO's increasing reliance on Microsoft as a provider of IT products and services.

The casual observer looking at the situation from the outside might reasonably conclude that there are a whole host of legitimate concerns including strong indications of an irreconcilable conflict of interest.

To begin with there is Microsoft's chequered history of data protection infractions, anti-trust violations and US FCPA investigations.

But even if one were inclined to ignore all that, there is a more fundamental problem.

To put it in a nutshell: due to the company's position as a significant player in the global IP arena, Microsoft's role as a key IT provider to the EPO seems to be tainted by an inherent conflict of interest.

The situation might not be so precarious if Microsoft was simply a purveyor of computing hardware or a vendor of client-end data processing software for on-site data processing under the control of the EPO.

But the company's role at the EPO has now expanded far beyond that to the provision of cloud-based data processing services, including the processing of much if not all of the EPO's internal communications via Outlook, Microsoft Teams and Skype for Business.

What we have here could be described in simple terms as the large-scale export of operational data, including internal e-mail and video-conferencing communications, from the EPO to an external data processing infrastructure owned by and operated under the control of Microsoft.

It doesn't need an MBA from the Harvard Business School to realise that placing such sensitive internal operational data directly into the hands of a significant player in the global IP arena is a highly questionable undertaking.

Based on its track record to date, EPO management will undoubtedly defend its actions by arguing that Microsoft can be trusted to "do the right thing".

Microsoft will undoubtedly "do the right thing". The only question here is "the right thing for whom?"

Remember that we are talking here about a private for-profit business corporation with a well-documented track record of engaging in anti-competitive practices and other ethically dubious activities. Can any sane person be realistically expected to trust a company with such an egregious track record of data protection infractions, anti-trust violations and US FCPA investigations?

There should be more than enough warning signs here to set off alarm bells in the competent centres of oversight and governance. However, going by Steve Rowan's recent communiqué, nobody in the upper echelons of EPO management seems to be particularly worried.

Unfortunately, past experience over the last decade and a half has shown that the EPO doesn't deal with conflict-of-interest situations very well.

The rot seems to have really set in (for good) back in 2009 when the Administrative Council voted to appoint its then Chairman, Battistelli, as the executive head of the Office. At the time in question, Battistelli was an elected representative for a political party in France, which should have automatically disqualified him from holding such a position in an international organisation. But the Administrative Council remained oblivious to this glaring conflict of interest.

According to the internal EPO rumour mill, Battistelli had his successor as Chair of the Administrative Council, the Danish delegate Jesper Kongstad, quite literally "in his pocket". Kongstad reportedly received a secret "emolument" from Battsitelli's HR department in the form of the equivalent of an EPO principal director's salary -- a generous monthly tax-free sum of five-figure proportions.

One of Battistelli's first moves as President of the Office was to procure the abolition of the independent Audit Committee which reported directly to the Administrative Council.

It's highly ironic that one of the intended functions of the Audit Committee was to advise the Administrative Council about potential conflicts of interest. Now that it has been disbanded, there is no longer anybody around to warn the Council.

Given this background, it's not really surprising that the increasing reliance of the EPO on Microsoft as an IT provider hasn't generated any visible concern in the ranks of the organisation's senior management and governance bodies.

Did "foreign corrupt practices" play a role in the award of EPO contracts to Microsoft? The opacity of the tendering process makes it difficult to give an answer to such questions.

Another remarkable aspect of the present case is the total opacity of the process that led to the award of the contract or contracts for cloud computing services to Microsoft.

It's not clear how much these contracts are worth and whether they were put out to public tender, or whether they were allocated by "direct award".

We also don't know who exactly was responsible for the internal vetting of these procurement decisions, although it seems fair to assume that they were ultimately approved and signed off by the President of the Office, António Campinos.

Whether or not Campinos was properly advised in the matter is of course a completely different question.

Readers of Techrights may recall that back in 2015, reports were circulating ([1] and [2]) about a programme of "closer cooperation" between the EPO's senior management and some of its leading corporate applicants, in particular Microsoft.

This arrangement attracted a lot of criticism at the time and many people quite rightly questioned whether it was appropriate for the EPO to be engaging in what amounted to a favourable treatment of large multinational corporations like Microsoft.

The recent expansion of Microsoft's business relationship with the EPO has caused some people to speculate about whether the latest developments might not have been influenced by a further programme of "enhanced cooperation" involving "foreign corrupt practices".

It is important to emphasise that there is currently no hard evidence of any "kickbacks" or "slush funds" operated by Microsoft at the EPO. For the moment, any such suggestions are based purely on speculation.

On the other hand, Microsoft's well-documented track record in other jurisdictions means that such speculation cannot be dismissed as completely off the wall.

The EPO is plagued by an entrenched culture of opacity and non-accountability which makes a credible investigation into suspected irregularities almost impossible

However, the problem here is that the EPO is plagued by such a deeply entrenched culture of opacity and non-accountability that if these procurement decisions had in fact been tainted by corruption, it is highly unlikely that this would ever be investigated and exposed, especially if any members of the senior management were involved.

It is doubtful whether the EPO's internal investigative procedures are really fit for purpose in such cases, and there is no external anti-corruption agency which would be competent to take appropriate action.

To sum up, we are left with a situation in which procurement decisions have been made at the EPO which effectively place sensitive internal operational data directly into the hands of an external IT service provider based in the US and subject to the laws of that jurisdiction -- including the US CLOUD Act of 2018.

In addition to this, the IT service provider in question happens to be a significant player in the global IP game.

At the same time, none of those who bear the ultimate responsibility for these procurement decisions seem to have the slightest concern about what appears to be a clear-cut case of a conflict of interest.

As Lewis Carrol's Alice might have said, "curiouser and curiouser!"

In the final part of the series we will consider whether the EPO's increasing reliance on cloud computing services hosted by Microsoft has effectively led to a sell-out of the organisation's "digital sovereignty". ⬆