The events which form the focus of the present series began to unfold back in April 2014 when a member of the public requested the Bavarian State Data Protection Commissioner, Dr Thomas Petri, to investigate the EPO's data protection framework.
"Dr Petri took up the matter and came to the conclusion that the EPO's data protection framework was not fit for purpose."In particular he found [PDF] that there was no independent supervisory authority which could supervise compliance with data protection regulations at the EPO. This basically meant that "data subjects" had no effective means of enforcing their rights under data protection law.
However, Petri's examination of the legal situation noted that the authorised contracting party to the European Patent Convention was the Federal Republic of Germany, not the regional states ("Länder").
This meant that the deficient character of the EPO'S data protection framework was an issue that he could not pursue on his own.
It would need to be taken up at a national level by the competent national data protection authority, namely the Federal Commissioner for Data Protection and Freedom of Information (German abbreviation "BfDI").
"In August 2014, Voßhoff proceeded to contact the Justice BMJV to draw the Minister's attention to the matter and to propose the establishment of an independent data supervisory authority for the EPO."Following the conclusion of his investigation, Dr Petri, contacted his counterpart at federal level, the BfDI's Ms Andrea Voßhoff, in a letter dated 5 May 2014 [PDF] in which he summarised his findings and expressed his concerns.
In particular, Petri proposed that the BfDI should "work towards the establishment of a data protection supervision at the European Patent Office by a fully independent oversight body." He noted that the competent government ministry was the Federal Ministry of Justice and Consumer Protection (BMJV).
Ms Voßhoff concurred with Dr Petri's legal assessment of the situation his concerns on the issue of independent data protection supervision at the EPO.
In August 2014, Voßhoff proceeded to contact the Justice BMJV to draw the Minister's attention to the matter and to propose the establishment of an independent data supervisory authority for the EPO. The Minister for Justice at the time in question was Heiko Maas of the German Social Democratic Party (SPD).
The BMJV responded to Ms Voßhoff's communication in November 2014 [PDF].
"Hubig explained that Germany could not unilaterally pursue reform of the EPO's data protection framework because of the EPO's "autonomous" status in international law and the fact that institutional questions were regulated in a multilateral treaty, the European Patent Convention (EPC)."The response was issued by Dr Stefanie Hubig, an SPD party member and State Secretary ("Staatssekretär") at the BMJV reporting directly to the Minister Heiko Maas.
Hubig's response is full of the usual pious platitudes about data protection being "an extremely important issue for the Federal Ministry of Justice and Consumer Protection" and the typical waffle and hand-waving about how "the BMJV is committed to high data protection standards and their constant further development on many levels."
Hubig explained that Germany could not unilaterally pursue reform of the EPO's data protection framework because of the EPO's "autonomous" status in international law and the fact that institutional questions were regulated in a multilateral treaty, the European Patent Convention (EPC).
According to the BMJV, any revision of the EPC would require a diplomatic conference of all contracting states, "a time-consuming procedure by means of which changes cannot be implemented in the short term."
The letter ended with the standard run-of-the-mill assurance that "the BMJV will continue to work within the framework of the EPOrg to ensure that high data protection standards and an independent data protection structure are maintained and further developed."
"At that point it seemed as if the EPO file had been consigned to the BfDI's archives - at least as far as the German authorities were concerned - and that nothing further was likely to happen at a national level in the foreseeable future."In December 2014 Ms Voßhof wrote back [PDF] to Dr Petri to inform him of the BMJV's response.
She noted with regret that the BMJV did not take up her proposal to establish an independent external data protection supervisory authority over the EPO by amending the European Patent Convention (EPC) because of the necessity to convince a diplomatic conference of all 38 contracting states.
Ms Voßhoff described the BMJV's reluctance to push for a review of the matter within the EPO as "regrettable but understandable" in view of the large number of countries that would have to be engaged and convinced.
Because of the lack of uptake on the part of the BMJV, Ms Voßhoff thought that an approach that addressed many member states of the EPC simultaneously was likely to be more effective.
For this reason she proposed to raise the issue of independent data protection oversight of the EPO at EU level "within the framework of the [EU] Article 29 Working Group in Brussels", an advisory body of the EU made up of a representative from the data protection authority of each EU Member State, the European Data Protection Supervisor and the European Commission.
Voßhoff took the view that "a letter from the chair of the Working Group to the EDPS could provide the necessary European impetus for an amendment of the EPC."
At that point it seemed as if the EPO file had been consigned to the BfDI's archives - at least as far as the German authorities were concerned - and that nothing further was likely to happen at a national level in the foreseeable future.
However, as we shall see in the next part, not long afterwards in June 2015 the BfDI was prompted dust off the file following revelations in the press about unauthorised covert surveillance activities by Battistelli's Pinkertons, the notorious EPO "Investigative Unit". ⬆