The EPO Bundestagate -- Part 4: Parroting the GDPR-Compliance Myth

Series index:

  1. The EPO Bundestagate -- Part 1: How the Bundestag Was (and Continues to be) Misled About EPO Affairs
  2. The EPO Bundestagate -- Part 2: Lack of Parliamentary Oversight, Many Questions and Few Answers…
  3. The EPO Bundestagate -- Part 3: A “Minor Interpellation” in the German Bundestag
  4. You are here ☞ Parroting the GDPR-Compliance Myth


EPO's GDPR-Compliance Myth
What could possibly have led the German government to parrot the EPO's bogus and self-serving claims about GDPR-compliance?



Summary: The EPO had been in violation of GDPR (EU) for years, both under Benoît Battistelli and António Campinos; but the lies persisted

Back in October 2019, the FDP submitted another "minor interpellation" entitled "Data protection in relation to cooperation with the EPO" ("Datenschutz bei EPA-Zusammenarbeit" - Bundestag Printed Paper [PDF] no. 19/14490).



This interpellation contained a series of questions relating to the EPO's data protection framework, in particular in the context of data exchanges with national authorities such as the German Patent & Trademark Office.

Under point 7. of the interpellation, the FDP explicitly raised the issue of the compliance of the EPO's data protection framework with the GDPR (which had entered into force over a year previously in May 2018).

The relevant passage of the interpellation reads as follows (in translation):

According to the knowledge of the Federal Government, is data processing at the EPO compliant with the provisions of the GDPR, or does it have any indications that would suggest a deviation from GDPR regulations?


The response of the Federal Government was published on 12 November 2019 (Bundestag Printed Paper [PDF] no. 19/15072).

The passage of the response which addresses point 7. of the FDP's interpellation reads as follows (in translation):

The Federal Government has no indication that the EPO does not comply with the provisions of the European data protection standards. The Board of Auditors of the European Patent Organisation, which is appointed by the Administrative Council under Article 49(1) EPC and carries out its activities in accordance with Articles 49 and 50 EPC and its Rules of Procedure and professional auditing standards, stated the following in its audit report for the financial year 2018 (document CA/20/19) (warning: epo.org link). Although the EPO, as an international organization, is not directly subject to EU rules, the basic principles of the GDPR have nevertheless been implemented, as data of European citizens are processed at the EPO. In addition, it was noted that for the sake of transparency, the EPO has already established a data protection register in the past to record all processing of personal data. Upon request, the information can be made available (publicly) to the data subject, thus ensuring the right to information.


The government's response is another classic piece of hand-waving and obfuscation about the atrociously deficient state of the EPO's data protection framework.

It is however worth looking at this response more closely because it seems to have come straight from the EPO's internal "echo chamber". There is very little evidence of any independent thought or research on the part of those responsible for drafting the government's statement of its position.

What is particularly noteworthy is the fact that the German government appears to rely solely on the EPO's internal audit report for the financial year 2018 (CA/20/19) (warning: epo.org link) as the basis for its "considered opinion" that the EPO's data protection framework is GDPR-compliant.

There's just one small problem here.

Neither CA/20/19 nor any other internal "audit report" from the EPO contains a meaningful substantive assessment of the organisation's data protection framework and its purported compliance with GDPR standards.

The available audit reports from the EPO (CA/20/18, CA/20/19, CA/20/20) (warning: all are epo.org links) only contain cursory self-serving assertions to the effect that the organisation's data protection framework is "relatively closely aligned" with EU data processing regulations - whatever that is supposed to mean.

What is conspicuously absent is a credible independent audit of the EPO's data protection framework that could be considered to substantiate the self-serving assertions emanating from the EPO's senior management.

It seems that the reader is supposed to accept these assertions on "blind faith".

However, this becomes difficult when it is recalled that back in 2016 the EPO staff union (SUEPO) commissioned a report about various aspects of EPO governance from external legal experts.

This report dated 31 May 2016 - which is publicly available - found that the EPO's data protection framework was not compliant with EU data protection standards and that it was in urgent need of a radical overhaul.

Nothing of substance has changed since May 2016.

For this reason it's a bit disconcerting to see the Federal Government of Germany still parroting the EPO's manifestly bogus and self-serving assertions about GDPR-compliance in such a naïve and uncritical manner in November 2019.

In the next part we will consider how this curious state of affairs came about.
