04.02.21

The EPO Bundestagate — Part 4: Parroting the GDPR-Compliance Myth

Posted in Deception, Europe, Patents at 7:54 pm by Dr. Roy Schestowitz

Series index:

  1. The EPO Bundestagate — Part 1: How the Bundestag Was (and Continues to be) Misled About EPO Affairs
  2. The EPO Bundestagate — Part 2: Lack of Parliamentary Oversight, Many Questions and Few Answers…
  3. The EPO Bundestagate — Part 3: A “Minor Interpellation” in the German Bundestag
  4. You are here ☞ Parroting the GDPR-Compliance Myth

EPO's GDPR-Compliance Myth
What could possibly have led the German government to parrot the EPO’s bogus and self-serving claims about GDPR-compliance?

Summary: The EPO had been in violation of GDPR (EU) for years, both under Benoît Battistelli and António Campinos; but the lies persisted

Back in October 2019, the FDP submitted another “minor interpellation” entitled “Data protection in relation to cooperation with the EPO” (“Datenschutz bei EPA-Zusammenarbeit”Bundestag Printed Paper [PDF] no. 19/14490).

This interpellation contained a series of questions relating to the EPO’s data protection framework, in particular in the context of data exchanges with national authorities such as the German Patent & Trademark Office.

“This interpellation contained a series of questions relating to the EPO’s data protection framework, in particular in the context of data exchanges with national authorities such as the German Patent & Trademark Office.”Under point 7. of the interpellation, the FDP explicitly raised the issue of the compliance of the EPO’s data protection framework with the GDPR (which had entered into force over a year previously in May 2018).

The relevant passage of the interpellation reads as follows (in translation):

According to the knowledge of the Federal Government, is data processing at the EPO compliant with the provisions of the GDPR, or does it have any indications that would suggest a deviation from GDPR regulations?

The response of the Federal Government was published on 12 November 2019 (Bundestag Printed Paper [PDF] no. 19/15072).

The passage of the response which addresses point 7. of the FDP’s interpellation reads as follows (in translation):

The Federal Government has no indication that the EPO does not comply with the provisions of the European data protection standards. The Board of Auditors of the European Patent Organisation, which is appointed by the Administrative Council under Article 49(1) EPC and carries out its activities in accordance with Articles 49 and 50 EPC and its Rules of Procedure and professional auditing standards, stated the following in its audit report for the financial year 2018 (document CA/20/19) (warning: epo.org link). Although the EPO, as an international organization, is not directly subject to EU rules, the basic principles of the GDPR have nevertheless been implemented, as data of European citizens are processed at the EPO. In addition, it was noted that for the sake of transparency, the EPO has already established a data protection register in the past to record all processing of personal data. Upon request, the information can be made available (publicly) to the data subject, thus ensuring the right to information.

The government’s response is another classic piece of hand-waving and obfuscation about the atrociously deficient state of the EPO’s data protection framework.

It is however worth looking at this response more closely because it seems to have come straight from the EPO’s internal “echo chamber”. There is very little evidence of any independent thought or research on the part of those responsible for drafting the government’s statement of its position.

“It seems that the reader is supposed to accept these assertions on “blind faith”.”What is particularly noteworthy is the fact that the German government appears to rely solely on the EPO’s internal audit report for the financial year 2018 (CA/20/19) (warning: epo.org link) as the basis for its “considered opinion” that the EPO’s data protection framework is GDPR-compliant.

There’s just one small problem here.

Neither CA/20/19 nor any other internal “audit report” from the EPO contains a meaningful substantive assessment of the organisation’s data protection framework and its purported compliance with GDPR standards.

The available audit reports from the EPO (CA/20/18, CA/20/19, CA/20/20) (warning: all are epo.org links) only contain cursory self-serving assertions to the effect that the organisation’s data protection framework is “relatively closely aligned” with EU data processing regulations – whatever that is supposed to mean.

What is conspicuously absent is a credible independent audit of the EPO’s data protection framework that could be considered to substantiate the self-serving assertions emanating from the EPO’s senior management.

It seems that the reader is supposed to accept these assertions on “blind faith”.

“For this reason it’s a bit disconcerting to see the Federal Government of Germany still parroting the EPO’s manifestly bogus and self-serving assertions about GDPR-compliance in such a naïve and uncritical manner in November 2019.”However, this becomes difficult when it is recalled that back in 2016 the EPO staff union (SUEPO) commissioned a report about various aspects of EPO governance from external legal experts.

This report dated 31 May 2016 – which is publicly available – found that the EPO’s data protection framework was not compliant with EU data protection standards and that it was in urgent need of a radical overhaul.

Nothing of substance has changed since May 2016.

For this reason it’s a bit disconcerting to see the Federal Government of Germany still parroting the EPO’s manifestly bogus and self-serving assertions about GDPR-compliance in such a naïve and uncritical manner in November 2019.

In the next part we will consider how this curious state of affairs came about.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2021/04/02/bundestagate-part-4/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Gemini and Techrights: Still Growing in Gemini Space and Always Supporting/Loving the Protocol

    As we continue to expand in Gemini space (where our very large site became a very large and likely the largest capsule) it's worth explaining some of the overlooked merits of the protocol; unlike the World Wide Web (WWW) it does not impose things on the user/visitor, who is more or less in charge

  2. Links 9/5/2021: KDE Frameworks 5.82.0 Release and Patents Related to COVID Subjected to Waivers

    Links for the day

  3. Act More 'Professional' to Appease Mobs

    We should all think alike, dress alike, and like everybody (especially the business overlords)

  4. IRC Proceedings: Saturday, May 08, 2021

    IRC logs for Saturday, May 08, 2021

  5. Some Background on the Free Speech Society at the University of Buckingham, Where Richard Stallman is Being 'Replatformed'

    A private British university, the University of Buckingham, will 'host' (virtually) the most-defamed person in the Free software world; the Free Speech Society is only two years old and rationality for its existence is explained by its co-founder James Oliver

  6. Web Sites or News Sites Perish When Their Arguments Are Weak and/or Invalid

    "Just be honest!" is a simple motto for any site; but some sites sell out in pursuit of money or grandiosity, unlike us (we turned 14.5 years old on Friday)

  7. GNU/Linux Turns 38 (in 4 Months From Now)

    Contrary to what the Linux Foundation wants you to think, the operating system turns 38 later this year

  8. Richard Stallman: Steve Jobs Did Some Very Bad Things

    Dr. Richard Stallman told me about Steve Jobs that he had helped digitally imprison computer users

  9. GNU/Linux Founder Richard Stallman to Give a Talk at the University of Buckingham Tomorrow (Live Stream)

    Tomorrow it will be possible to watch this new talk live using Free software

  10. Then We Take Berlin...

    Homage to EPO, based in Munich and Berlin (and defended by the government in Berlin)

  11. The Right to Assemble, Fundamental Rights of Ownership, and Many Other Rights Are Under Attack

    Techrights will be dealing a lot more with erosion of what people have come to assume were “rights” (real rights, such as human rights, labour rights, not copy “rights” or patent “rights”); when rights are reduced to rubble the long-term consequences are severe, shows history

  12. TechBytes Episode 91: End of Privacy and End of Windows 10X

    Tim and Roy produce their 2nd audiocast since TechBytes returned

  13. The Cancel Song

    People who work for (or receive funding from) Nazi-associated IBM are still trying to turn the work/legacy of Richard Stallman (RMS) into dust/ashes

  14. Pro-Software Freedom Advocates and Free/Libre Software Supporters Face Barriers Due to Domination of Communication Channels (Beyond the Media)

    A carefully-checked assessment of an overlooked aspect surrounding the 'cancel mob', which incites and brainwashes people based on lies; there's an attempt to control channels of communication (e.g. Open and Free Technology Community and Freenode) and to generally suppress people who support the founder of GNU/Linux

  15. Bashing Free Software and GNU/Linux is a Terrible Business Model for Publishers

    Contrary to unflattering portrayals by hostile media that's sponsored by foes of Free software, the usage of Free software grows, even if things such as DRM and surveillance stand in the way of software freedom (which was wrongly assumed to be ushered in by Free software, irrespective of malicious features like 'telemetry')

  16. Links 8/5/2021: GIMP 2.99.6, Wine 6.8 Released

    Links for the day

  17. IRC Proceedings: Friday, May 07, 2021

    IRC logs for Friday, May 07, 2021

  18. [Meme] Outsourcing Audacity Development to Microsoft Proprietary Software and Then Copying Microsoft Tactics (and 'Telemetry')

    They've had the audacity to call it "telemetry" and pretend that surveillance companies (spying giants) cannot figure out who you are based on IP addresses

  19. Links 7/5/2021: IPFire 2.25 Core Update 156 and Diffoscope 174 Released

    Links for the day

  20. The New Microsoft? No, the New IBM.

    Microsoft GitHub and IBM: a strategic alliance between a monopolistic duo

  21. The Audacity Takeover by Muse Group is No Cause for Celebration

    Audacity is now part of an entity called Muse Group and if it doesn’t take or suck freedom out of Audacity, it will certainly deny users rather basic concepts (or anticipation) of privacy

  22. King of Linux

    If the entire operating system is being called "Linux", then we fall for a publicity or misattribution stunt

  23. The Biggest Troll is the Linux Foundation, Still Looking to Provoke and Defame Free Software Communities in Order to Help a Monopolistic Takeover and to Shoehorn Tyrants Into Leadership Positions

    Contrary to what the so-called ‘Linux’ Foundation is trying to say, the most toxic element is itself; it’s maligning the real community while protecting abusive and racist corporations that profit from war and tribalism-motivated hatred

  24. IRC Proceedings: Thursday, May 06, 2021

    IRC logs for Thursday, May 06, 2021

  25. “The Lolita Express” and Prince Bill

    “The Lolita Express” scandals return to haunt pool old Bill, as it turns out his wife was upset and it's quite likely the reason for their divorce

  26. Links 7/5/2021: GNU/Linux Preinstalled, Plamo 7.3, LibreOffice 7.1.3

    Links for the day

  27. The Latest Reports About Bill Gates Serve to Confirm or at Least Reaffirm Many People's Suspicions

    So, just as many people suspected, Melinda Gates did not appreciate her husband sneaking behind her back to meet someone who had trafficked thousands of underage girls for sexual exploitation and there are high-profile calls right now for greater transparency, seeing the impact on the world’s biggest tax evasion vehicle

  28. Disregard Web Sites That Call Themselves 'News' and Instead Promote Proprietary Software for Companies Like Microsoft

    Publishers like IDG have long been paid-for marketing in ‘article’ clothing, sometimes with the veneer of ‘reporting’ (as if they have some inside knowledge or insight, e.g. speaking with or for the company they secretly coordinate with or market for); but sadly we’ve been seeing some so-called ‘Linux’ sites doing the same thing, in effect acting like de facto Microsoft marketers

  29. [Meme] Who Needs Examination Anyway When There's 'Hey Hi' (AI)?

    The patent production line could do away with 'pesky' and 'opinionated' examiners who actually wish to scrutinise alleged 'inventions'

  30. Europe's Second-Largest Institution Corrupting the Media and Buying Expensive Puff Pieces

    As annual reports reveal, the EPO wastes an extraordinary amount of money on reputation laundering campaigns and it pollutes the signal by paying publishers; we examine this issue using the new 'reports' shown in the video above

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts