The EPO Bundestagate -- Part 4: Parroting the GDPR-Compliance Myth

Series index:

  1. The EPO Bundestagate -- Part 1: How the Bundestag Was (and Continues to be) Misled About EPO Affairs
  2. The EPO Bundestagate -- Part 2: Lack of Parliamentary Oversight, Many Questions and Few Answers…
  3. The EPO Bundestagate -- Part 3: A “Minor Interpellation” in the German Bundestag
  4. You are here ☞ Parroting the GDPR-Compliance Myth


EPO's GDPR-Compliance Myth
What could possibly have led the German government to parrot the EPO's bogus and self-serving claims about GDPR-compliance?



Summary: The EPO had been in violation of GDPR (EU) for years, both under Benoît Battistelli and António Campinos; but the lies persisted

Back in October 2019, the FDP submitted another "minor interpellation" entitled "Data protection in relation to cooperation with the EPO" ("Datenschutz bei EPA-Zusammenarbeit" - Bundestag Printed Paper [PDF] no. 19/14490).



This interpellation contained a series of questions relating to the EPO's data protection framework, in particular in the context of data exchanges with national authorities such as the German Patent & Trademark Office.

Under point 7. of the interpellation, the FDP explicitly raised the issue of the compliance of the EPO's data protection framework with the GDPR (which had entered into force over a year previously in May 2018).

The relevant passage of the interpellation reads as follows (in translation):

According to the knowledge of the Federal Government, is data processing at the EPO compliant with the provisions of the GDPR, or does it have any indications that would suggest a deviation from GDPR regulations?


The response of the Federal Government was published on 12 November 2019 (Bundestag Printed Paper [PDF] no. 19/15072).

The passage of the response which addresses point 7. of the FDP's interpellation reads as follows (in translation):

The Federal Government has no indication that the EPO does not comply with the provisions of the European data protection standards. The Board of Auditors of the European Patent Organisation, which is appointed by the Administrative Council under Article 49(1) EPC and carries out its activities in accordance with Articles 49 and 50 EPC and its Rules of Procedure and professional auditing standards, stated the following in its audit report for the financial year 2018 (document CA/20/19) (warning: epo.org link). Although the EPO, as an international organization, is not directly subject to EU rules, the basic principles of the GDPR have nevertheless been implemented, as data of European citizens are processed at the EPO. In addition, it was noted that for the sake of transparency, the EPO has already established a data protection register in the past to record all processing of personal data. Upon request, the information can be made available (publicly) to the data subject, thus ensuring the right to information.


The government's response is another classic piece of hand-waving and obfuscation about the atrociously deficient state of the EPO's data protection framework.

It is however worth looking at this response more closely because it seems to have come straight from the EPO's internal "echo chamber". There is very little evidence of any independent thought or research on the part of those responsible for drafting the government's statement of its position.

What is particularly noteworthy is the fact that the German government appears to rely solely on the EPO's internal audit report for the financial year 2018 (CA/20/19) (warning: epo.org link) as the basis for its "considered opinion" that the EPO's data protection framework is GDPR-compliant.

There's just one small problem here.

Neither CA/20/19 nor any other internal "audit report" from the EPO contains a meaningful substantive assessment of the organisation's data protection framework and its purported compliance with GDPR standards.

The available audit reports from the EPO (CA/20/18, CA/20/19, CA/20/20) (warning: all are epo.org links) only contain cursory self-serving assertions to the effect that the organisation's data protection framework is "relatively closely aligned" with EU data processing regulations - whatever that is supposed to mean.

What is conspicuously absent is a credible independent audit of the EPO's data protection framework that could be considered to substantiate the self-serving assertions emanating from the EPO's senior management.

It seems that the reader is supposed to accept these assertions on "blind faith".

However, this becomes difficult when it is recalled that back in 2016 the EPO staff union (SUEPO) commissioned a report about various aspects of EPO governance from external legal experts.

This report dated 31 May 2016 - which is publicly available - found that the EPO's data protection framework was not compliant with EU data protection standards and that it was in urgent need of a radical overhaul.

Nothing of substance has changed since May 2016.

For this reason it's a bit disconcerting to see the Federal Government of Germany still parroting the EPO's manifestly bogus and self-serving assertions about GDPR-compliance in such a naïve and uncritical manner in November 2019.

In the next part we will consider how this curious state of affairs came about.
