Bonum Certa Men Certa

The EPO Bundestagate -- Part 4: Parroting the GDPR-Compliance Myth

Series index:

  1. The EPO Bundestagate -- Part 1: How the Bundestag Was (and Continues to be) Misled About EPO Affairs
  2. The EPO Bundestagate -- Part 2: Lack of Parliamentary Oversight, Many Questions and Few Answers…
  3. The EPO Bundestagate -- Part 3: A “Minor Interpellation” in the German Bundestag
  4. You are here ☞ Parroting the GDPR-Compliance Myth


EPO's GDPR-Compliance Myth
What could possibly have led the German government to parrot the EPO's bogus and self-serving claims about GDPR-compliance?



Summary: The EPO had been in violation of GDPR (EU) for years, both under Benoît Battistelli and António Campinos; but the lies persisted

Back in October 2019, the FDP submitted another "minor interpellation" entitled "Data protection in relation to cooperation with the EPO" ("Datenschutz bei EPA-Zusammenarbeit" - Bundestag Printed Paper [PDF] no. 19/14490).



This interpellation contained a series of questions relating to the EPO's data protection framework, in particular in the context of data exchanges with national authorities such as the German Patent & Trademark Office.

"This interpellation contained a series of questions relating to the EPO's data protection framework, in particular in the context of data exchanges with national authorities such as the German Patent & Trademark Office."Under point 7. of the interpellation, the FDP explicitly raised the issue of the compliance of the EPO's data protection framework with the GDPR (which had entered into force over a year previously in May 2018).

The relevant passage of the interpellation reads as follows (in translation):

According to the knowledge of the Federal Government, is data processing at the EPO compliant with the provisions of the GDPR, or does it have any indications that would suggest a deviation from GDPR regulations?


The response of the Federal Government was published on 12 November 2019 (Bundestag Printed Paper [PDF] no. 19/15072).

The passage of the response which addresses point 7. of the FDP's interpellation reads as follows (in translation):

The Federal Government has no indication that the EPO does not comply with the provisions of the European data protection standards. The Board of Auditors of the European Patent Organisation, which is appointed by the Administrative Council under Article 49(1) EPC and carries out its activities in accordance with Articles 49 and 50 EPC and its Rules of Procedure and professional auditing standards, stated the following in its audit report for the financial year 2018 (document CA/20/19) (warning: epo.org link). Although the EPO, as an international organization, is not directly subject to EU rules, the basic principles of the GDPR have nevertheless been implemented, as data of European citizens are processed at the EPO. In addition, it was noted that for the sake of transparency, the EPO has already established a data protection register in the past to record all processing of personal data. Upon request, the information can be made available (publicly) to the data subject, thus ensuring the right to information.


The government's response is another classic piece of hand-waving and obfuscation about the atrociously deficient state of the EPO's data protection framework.

It is however worth looking at this response more closely because it seems to have come straight from the EPO's internal "echo chamber". There is very little evidence of any independent thought or research on the part of those responsible for drafting the government's statement of its position.

"It seems that the reader is supposed to accept these assertions on "blind faith"."What is particularly noteworthy is the fact that the German government appears to rely solely on the EPO's internal audit report for the financial year 2018 (CA/20/19) (warning: epo.org link) as the basis for its "considered opinion" that the EPO's data protection framework is GDPR-compliant.

There's just one small problem here.

Neither CA/20/19 nor any other internal "audit report" from the EPO contains a meaningful substantive assessment of the organisation's data protection framework and its purported compliance with GDPR standards.

The available audit reports from the EPO (CA/20/18, CA/20/19, CA/20/20) (warning: all are epo.org links) only contain cursory self-serving assertions to the effect that the organisation's data protection framework is "relatively closely aligned" with EU data processing regulations - whatever that is supposed to mean.

What is conspicuously absent is a credible independent audit of the EPO's data protection framework that could be considered to substantiate the self-serving assertions emanating from the EPO's senior management.

It seems that the reader is supposed to accept these assertions on "blind faith".

"For this reason it's a bit disconcerting to see the Federal Government of Germany still parroting the EPO's manifestly bogus and self-serving assertions about GDPR-compliance in such a naïve and uncritical manner in November 2019."However, this becomes difficult when it is recalled that back in 2016 the EPO staff union (SUEPO) commissioned a report about various aspects of EPO governance from external legal experts.

This report dated 31 May 2016 - which is publicly available - found that the EPO's data protection framework was not compliant with EU data protection standards and that it was in urgent need of a radical overhaul.

Nothing of substance has changed since May 2016.

For this reason it's a bit disconcerting to see the Federal Government of Germany still parroting the EPO's manifestly bogus and self-serving assertions about GDPR-compliance in such a naïve and uncritical manner in November 2019.

In the next part we will consider how this curious state of affairs came about.

Recent Techrights' Posts

Weaponisation of For-Profit Dockets - Part I: Hiding Behind Lawyers (or Guns for Hire) After Abusing Many People and Even Strangling Women While Microsoft Paid Salaries
This whole thing is very typical of the Microsoft and Bill Gates mindset
From EPO to "MAGA Regime": A Shift Away From Reality to Fake News and False Metrics
Disbelief in itself isn't a bad thing; but the problem is that people are taught to believe rich people in suits more than they believe others
Skype is Officially Dead Today and This is Why People Should Use Free Software Instead (Goodbye, Microsoft)
It's also a good reminder of why people should move to GNU/Linux
'Simple Articles' in MyGemini Just One of Many New 'Sites' in Geminispace
Geminispace has grown fast lately; it's turning 6 next month
 
Links 06/05/2025: LLMs/Chatbots Attract More Scrutiny (Getting Worse Over Time), PwC Has Many Layoffs
Links for the day
Thanks for listening. How can this Morse feed be further improved?
Right now any and all feedback on the audio would be helpful
statCounter: Bing's Market Share Lower Right Now Than It Was When LLM Hype Began (With "Bing Chat")
If anybody gains at Google's expense in search, it is BRICS' alternatives such as Yandex
Gemini Links 06/05/2025: Failure and Proxmox Cluster
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, May 05, 2025
IRC logs for Monday, May 05, 2025
Links 05/05/2025: TikTok Still a Romanian Woe/Foe, Signal Perils Showing
Links for the day
Gemini Links 05/05/2025: Debian and GNOME and a "Welcome to Simple Articles"
Links for the day
Links 05/05/2025: US Economy Shrinks, US Presidency Spreading Deepfakes
Links for the day
Links 05/05/2025: Breaches, Environment, and Conflicts
Links for the day
SUSE the Company Now Uses LLM Slop to 'Write' Its Blog, What Does That Tell Us About SUSE?
There are many giveaways
Richard Stallman is in Alicante Today to Give a Talk, Czech Republic in Two Days (Wednesday)
Of course he can deliver the talk in Spanish
Gemini Links 05/05/2025: XL Bullies and Luddites
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, May 04, 2025
IRC logs for Sunday, May 04, 2025
Links 04/05/2025: Science, Conflicts, and Monopolies
Links for the day
GNU/Linux Above 7% in Bulgaria, Rising Just Like in Most of Europe
Up to 7%, not counting Chromebooks
Data Shows Largest EU Economies Shifting to GNU/Linux
all-time highs
statCounter Says Only One in 6 Web-Connected Clients in Hungary Are Using Windows, iOS Almost Bigger Than Windows Now
Hungary is a cautionary tale in the world of European (or Russian) politics
Many Reports About Microsoft's Financial Report/Performance Are False, Fake News, Churnalism/Parroting, and LLM Slop (Machine-Generated Lies)
Even if you see a thousand sites saying that Microsoft is performing well ask yourself why the company is rushing to fire tens of thousands of workers and cancelling datacentres
Links 04/05/2025: FCC Turning Into MAGA’s Censoring Machine, SEC Pressured to Delist Chinese Companies
Links for the day
Gemini Links 04/05/2025: Historical Artifacts and Date Calculations in POSIX Shell
Links for the day
In the First 3 Months of 2025 GAFAM Debt Rose by More Than $14.4 Billion
That's based on their official statements
10-Step Strategy to Get BRETT WILSON LLP ("Gun for Hire"), Microsoft's Serial Strangler, and the Serial Defamer to Compensate Techrights and Tux Machines for Years of SLAPPs and Abusive Litigation
There's no room or capacity for forgiveness here; enablers and protectors of crime need to be scuttled and pay up in full
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, May 03, 2025
IRC logs for Saturday, May 03, 2025