Bonum Certa Men Certa
IRC Proceedings: Sunday, March 21, 2021 | EPO Board of Auditors is Incompetent and Patently Unfit for Purpose

EPO and Microsoft Collude to Break the Law -- The 'Smoking Gun': Hard Evidence That the EPO Has Been Lying About GDPR Compliance

What the EPO says:

EPO CA-20-19 page 49 of 88

Summary: The EPO's Annual Reports of the Board of Auditors help show that the cronies of Benoît Battistelli have been lying all along about GDPR compliance; António Campinos is, as expected, just another one of those Battistelli cronies, in effect passing EPO funds into a gambling black hole and overseas violators of everybody's privacy

We have managed to track down copies of the "audit reports" which allegedly confirm a close alignment between the EPO's data protection framework and the GDPR.



As far as we have been able to work out, the "audit reports" that the EPO refers to in its data protection "puff pieces" are the annual reports of the supposedly independent Board of Auditors (warning: epo.org link). One of these "independent" auditors is Battistelli's old crony from the INPI, Frederic Angermann.

" One of these "independent" auditors is Battistelli's old crony from the INPI, Frederic Angermann."Anyway, the annual audit report is usually issued as Administrative Council document no. 20 at the end of April or beginning of May each year.

So for 2020, the document is numbered CA/20/20 [PDF].

For 2019 it is CA/20/19 [PDF] and for 2018, the reference number is CA/20/18 [PDF].

"From this it can be seen that the the annual reports of the Board of Auditors just parrot the party line of EPO management..."We've made local copies as we want this to last and remain unchanged, just in case something mischievous was to happen at the EPO's end. As happened in the past...

The documents are publicly available via the official webpage of the Council (warning: epo.org link) and can be found using the search keyword "auditors".

The first mention of GDPR is in the 2018 audit report, CA/20/18, on page 6 of 81:

42) As of 25 May 2018, a new, uniform General Data Protection Regulation (GDPR) on data privacy will apply across the European Union (EU) to all organisations collecting and/or processing data from EU residents. 43) On July 2017, the President issued a task force with a mandate to assess the potential impact of this new EU GDPR on the EPO's current data protection guidelines. 44) It is noted that the EPO's current data protection guidelines are relatively closely in line with the new GDPR. However, an action plan is in place to address the potential impact of the GDPR on the EPO.


EPO CA-20-18 page 6 of 81

The 2019 audit report, CA/20/19, contains the following statement:
259) The new European General Data Protection Regulation (GDPR) has been in force since 25 May 2018. Even though the EU regulations do not directly apply to the EPO as an international organisation, basic principles have been implemented, as European citizens' data is processed at the EPO.


It then goes on to talk about a the implementation of a "data protection register to record all the processing operations carried out on personal data" which can be accessed by EPO employees on the EPO intranet. It is not accessible to external data subjects but external parties can make a data subject access request "thus ensuring the right to information". This is followed by a recommendation that data protection register needs to be updated and to be completed in order to ensure that all relevant information is available.

The report then states that the EPO's IT department, referred to as IM (= Information Management) is "only involved in the GDPR analysis on a high-level basis" and that IM does not prepare the necessary implementation, such as deletion concepts.

This section of the report concludes with a recommendation to include IM much more in the GDPR evaluation "to ensure that technical and organisational measures are addressed adequately. Additionally technical solutions need to be evaluated."

The 2020 audit report, CA/20/20, contains a section entitled "Analysis of implementation of GDPR requirements in the HR area" on page 7 of 89. According to this:

41. Since the Office, as an international organisation that does not fall under the EU regulations, is not subject to the General Data Privacy Regulation (hereinafter: "GDPR"), the internal "Guidelines for the protection of personal data" were developed and introduced by the Office with the latest revision in 2014. The abovementioned guidelines are very close to the requirements of the GDPR and Regulation (EU) 2018/1725 and as such are to be implemented and followed by the Office.


EPO CA-20-20 page 7 of 89

There are two short paragraphs explaining that "audit procedures were carried out in respect of the adherence of the Office to the requirements of the above-mentioned guidelines within the HR area" and that the audit "resulted in a number of recommendations", such as the need to update the Data Protection Registry and to define retention and deletion periods and actions for events such as retirement and leaving the Office.

"There hasn't actually been any independent audit of the EPO's data protection framework to determine the level of GDPR compliance."Additionally, it recommends that "the awareness of the responsibilities of controllers in terms of data protection topics should be raised, and regular training sessions should be held for the HR department, as well as for other departments working with the personal data, to inform them about critical areas in the data protection process."

From this it can be seen that the the annual reports of the Board of Auditors just parrot the party line of EPO management according to which "the EPO's current data protection guidelines are relatively closely in line with the new GDPR" (CA/20/18) and "the internal 'Guidelines for the protection of personal data' [which] were developed and introduced by the Office with the latest revision in 2014 ... are very close to the requirements of the GDPR and Regulation (EU) 2018/1725" (CA/20/20).

There hasn't actually been any independent audit of the EPO's data protection framework to determine the level of GDPR compliance.

All that we have are bald assertions of GDPR compliance by EPO management which have been rubber-stamped by the auditors without further ado.

"All that we have are bald assertions of GDPR compliance by EPO management which have been rubber-stamped by the auditors without further ado."Given that EPO management claimed at the time of adoption of the EPO's internal "Guidelines for the protection of personal data" in 2014 that they were closed aligned to the earlier EU Regulation (EC) 45/2001, it remains to be explained how these same Guidelines could now manage to be compliant with the GDPR which was not adopted by the EU until 2016 and entered into force in 2018.

Of course it's complete nonsense but as long as nobody actually goes to the trouble of carrying out an independent audit who's going to notice anything?

IRC Proceedings: Sunday, March 21, 2021 | EPO Board of Auditors is Incompetent and Patently Unfit for Purpose

Recent Techrights' Posts

GNU/Linux Still up (statCounter Says to 6%) in Bosnia And Herzegovina
Let's see where it is at year's end
Making Layout Changes
Feedback can be sent to us
Behind an Economy of Fake 'Worths' and Fictional 'Valuations' or 'Market Caps'
They normalise white-collar crime and say "everyone is doing it!"
Links 18/01/2026: "South Africa is Running Out of Software Developers", Companies Spooked to Find Slop is a Major Liability
Links for the day
Place Your Bets: Who Will Die First? Microsoft or IBM?
Not even joking; make a guess
Restoring Professional Pride in the Tech Sector
Rejecting slop isn't being a Luddite
Slop Bubble "Is Worse Than The Dot Com Bubble"
Edward Zitron Says It like it is
IRC Proceedings: Saturday, January 17, 2026
IRC logs for Saturday, January 17, 2026
Microsoft Lunduke Keeps Distracting From the Real Problems With Rust
Microsoft Lunduke is stigmatising critics
 
IBM is Not a Free Software Company (It Never Was)
Red Hat's main product, RHEL, is full of secret sauce and has 'secret recipes' (it is basically proprietary)
IBM Turning Up the 'RTO' (Stress) and 'PIP' (Fear) Heat on Workers, Rebellion May be Brewing
Sometimes it feels like today's executives at IBM view IBM workers as a liability
Links 18/01/2026: Indonesia Against Comedy, Media-Hostile (Censors Comedians) Convicted Felon in White House Defecting to Opponents of NATO
Links for the day
Eventually the Joke (and Financial Fraud) is on Microsoft, Stigmatised for Slop
Is Microsoft trying to commit suicide?
GNU/Linux Leaps to All-time Highs in Virgin Islands
it seems to have started around the "end of 10"
'Cancel Culture' Doesn't Work (in the Long Run)
Despite all the attacks, I'm enjoying life, I'm keeping productive, and our audience continues to grow
Making and Keeping the Sites Accessible
Sometimes less does mean "more" (or "MOAR")
The "Alicante Mafia" - Part IV - How Europe's Largest Patent Office Recruited Drug Addicts, Antisemites, and People Who Absolutely Cannot Do the Job (But Know the 'Right' People)
To better overlap industrial actions we might delay/postpone/pause this series for a bit
Benefiting by Adding Presence in Geminispace
As the Web gets worse, not limited to bloat as a factor, people seek alternatives
Google News Recently Started Syndicating Another Slopfarm, Linuxiac
Even if Google is aware that there is slop there, it's hard to believe that Google will mind
Software Patents and USMCA (or NAFTA)
We recently pondered going back to issuing 2-3 articles per day about patents and common issues with them
IBM Sued Over PIPs
PIPs are "performance improvement plans"
Sites With "Linux" in Their Name That Are in Effect Slopfarms and Issue Fake Articles
We try to name some of the prolific culprits
Gemini Links 18/01/2026: Raising Notifications From Terminal and Environmental Sanity
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
Links 17/01/2026: Internet Blackout Normalised, Russian Attacks Civilians by Causing Massive Blackouts
Links for the day
Linuxiac Has Become a Slopfarm, Calling Them Out Isn't Fixing That
What a shame. A once-decent site about "Linux" bites the dust.
Luzern Lion Monument, Albanian Female Whistleblowers: Swiss jurists were cowards
Reprinted with permission from Daniel Pocock
The Splinternet is Already Here, Owing to the Militarisation of Technology (Slop, Social Control Media, Back Doors, and More)
you know what's gonna happen next...
Stack Ranking Against IBM/Red Hat Staff and a Signal of Mass Layoffs (RAs) Justified by Red Hat and IBM as Poor Performance/Misconduct/Other
Working in an atmosphere like this sounds like a nightmare
Gemini Links 17/01/2026: Slow computing and Environment Leak
Links for the day
Links 17/01/2026: US Censorship and Violence Crisis, Growing Anger Levels Against Slop Sold as "Intelligence"
Links for the day
Microsoft's "valuation depends on infrastructure that does not exist."
Indeed
The Typical Trajectory: Datamation Began Experimenting With LLM Slop for Fake Articles. Then Datamation Died. (Last Month)
It's always ending up this way
Accounts or Devices (e.g. Phones) That Get 'Burnt' Have Many Pitfalls
Embassies and consulates habitually fail at this
Avoiding the Spooks (Nobody Watches the Watchers, They're Practically Unaccountable)
If more people adopt encryption, it'll be easier for us to deal with whistleblowers
Protecting Whistleblowers Requires Technical Knowledge/Skills
even the highest media judges aren't aware of how to protect sources
At Least 5 Women Quit Brett Wilson LLP in Recent Months. It's the Firm That Attacked My Wife and I on Behalf of Americans (One of Them Strangled Women).
It seems like good news that the women escape this workplace
Slop About Slop and Slop About "Linux"
In short, avoid slopfarms
Report/Benchmark Says 'Vibe Coding' Results in Security Holes
There are risks they don't like talking about
EPO Abuses Covered in Spanish
Knowing what we know (and heard/saw), the sinister silence of the media is perceived by some to be complicity of the lower order.
Richard Stallman Encourages "ICE Out For Good" Protests, His Opponents Do Not (Passive and Uncaring About Human Rights)
He has done a lot philosophically, politically, and so on
Record Traffic in Geminispace or Over Gemini Protocol
it's never too late to join
The "Alicante Mafia" - Part III - Europe's Second-Largest Organisation on Strike, Protests, Other Industrial Actions to Come Impacting Over 95% of the Workforce
The EPO's management is highly evasive, weak, and vulnerable
Claim That IBM Marked 15% of its Workforce for Potential Layoffs
No wonder we keep hearing from Red Hat people who say they hate IBM
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, January 16, 2026
IRC logs for Friday, January 16, 2026
Great Reset at IBM, the Company That Pulps Red Hat
In 2026 many workers are RTO'ed, PIP'ed, and at Red Hat many have effectively 'left the company' and now start afresh as "IBM" staff
The "Alicante Mafia" - Part II - Breakout of Discontent This Winter in Europe's Second-Largest Organisation
So far we've caused a lot of panic and stress inside Team Campinos
The "Alicante Mafia" - Part I - An Introduction to the Mafia Governing the EPO
Are some people 'evacuating' themselves to save face?
J.H.M. Ray Dassen & Debian, Red Hat, GNOME unexplained deaths
Reprinted with permission from Daniel Pocock
At Microsoft, "Firing People is a "Cheat Code" to Pump the Stock Short-term But They Are Literally Destroying the Company's Soul Long-term."
They frame layoffs as a "success story"
Gemini Links 16/01/2026: "Porting My Main Website Over to Gemini" and Seeed Studio DevBoard
Links for the day
IBM Stacked and Ranked Badly, Maladministration Dooms the Company
Now they stack people up for PIPs and layoffs ("RAs")
Google News Poisons Its Own Index With More Slopfarms (Including "filmogaz")
Naming and shaming lazy slobs who rip off other people using LLMs can work, eventually
Links 16/01/2026: UK Royal Family's "Legal Team Accused of Dishonesty, Fraud and Misconduct", OSI Still Controlled by Microsoft (the OSI's Spokesperson is on Microsoft's Payroll, Not Interim Executive Director, Deborah Bryant)
Links for the day
Writing About Corruption
Fraud is everywhere
The B in IBM is Brown-nosing and Buzzwords (or Both)
International Buzzwords Machines
Naming Culprits in Switzerland
Switzerland is highly secretive about white-collar crime
IBM's 'Scientific-Sounding' Tech-Porn Won't Help IBM Survive (or Be Bailed Out)
Who's next in the pipeline?
IBM Was Never the Good Guy
its original products were used for large-scale surveillance, not scientific endeavours
The Bluewashing is Making Red Hat Extinct (They All Become "IBM", Little by Little)
IBM does not care what's legal
Slopfarms Push Fake News About Microsoft Shutdown, 30,000+ Microsoft Layoffs Last Year Spun as Only "15,000"
The Web is seriously ill
Countries Take Action Against Social Control Media and 'Smart' 'Phones', Not Slop (Plagiarised Information Synthesis Systems or P.I.S.S.)
None of this is unprecedented except the scale and speed of sharing
Sanitised Plagiarism as "AI" (How Oligarchy Plots to Use Slop to Hide or Distract From Its Abuses, or Cause People Not to Trust Anything They See/Read Online)
This isn't innovation but repression
Sites That Expose Corruption Under Attack, Journalism Not Tolerated Anymore (the Super-Rich Abuse Their Wealth and Political Power)
Sometimes, albeit not always, the harder people try to hide something, the more effective and important it is for the general public
Recent Layoffs at Red Hat (2026 the Year of Ultimate Bluewashing)
I found it amusing that Red Hat's CEO has just chosen to wear all blue, as if to make a point
Links 16/01/2026: Social Control Media Curbs in Australia Underway, MElon Still Profiting by Sexualising Kids 'as a Service'
Links for the day
More People Nowadays Say "GNU/Linux"
We still see many distros and even journalists that say "GNU/Linux"
LLM Slop on the Web is Waning, But Linuxiac Has Become a Slopfarm
I gave Linuxiac a chance to deny this or explain this; Linuxiac did not
More Signs of Financial Troubles at Microsoft, Europe Puts Microsoft Under Investigation
The end of the library is part of the cuts
Team Campinos Talks About SAP Days Before EPO Industrial Actions and a Day Before the "Alicante Mafia" Series (About Team Campinos Doing Cocaine)
EPO staff that isn't morally feeble will insist on objecting to illegal instructions
Pedophilia-Enabling Microsoft Co-founder Cuts Staff
Compensating by sleeping with young girls does not make one younger
Microsoft Shuts Down Campus Library, Resorts to Storytelling About "AI" to Spin the Seriousness of It
Microsoft is in pain
Free Software Foundation (FSF) Back to Advertising the Talks of Richard Stallman
A pleasant surprise
Stack(ed) Rankings and Ongoing Layoffs at Red Hat and IBM (Failure to Keep Staff Acquired by IBM)
IBM is mismanaged and its sole aim is to game the stock market (by faking a lot of things)
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, January 15, 2026
IRC logs for Thursday, January 15, 2026
Gemini Links 16/01/2026: House Flood and Pragmatic Retrocomputing Dogfooding
Links for the day