Bonum Certa Men Certa
IRC Proceedings: Sunday, March 21, 2021 | EPO Board of Auditors is Incompetent and Patently Unfit for Purpose

EPO and Microsoft Collude to Break the Law -- The 'Smoking Gun': Hard Evidence That the EPO Has Been Lying About GDPR Compliance

What the EPO says:

EPO CA-20-19 page 49 of 88

Summary: The EPO's Annual Reports of the Board of Auditors help show that the cronies of Benoît Battistelli have been lying all along about GDPR compliance; António Campinos is, as expected, just another one of those Battistelli cronies, in effect passing EPO funds into a gambling black hole and overseas violators of everybody's privacy

We have managed to track down copies of the "audit reports" which allegedly confirm a close alignment between the EPO's data protection framework and the GDPR.



As far as we have been able to work out, the "audit reports" that the EPO refers to in its data protection "puff pieces" are the annual reports of the supposedly independent Board of Auditors (warning: epo.org link). One of these "independent" auditors is Battistelli's old crony from the INPI, Frederic Angermann.

" One of these "independent" auditors is Battistelli's old crony from the INPI, Frederic Angermann."Anyway, the annual audit report is usually issued as Administrative Council document no. 20 at the end of April or beginning of May each year.

So for 2020, the document is numbered CA/20/20 [PDF].

For 2019 it is CA/20/19 [PDF] and for 2018, the reference number is CA/20/18 [PDF].

"From this it can be seen that the the annual reports of the Board of Auditors just parrot the party line of EPO management..."We've made local copies as we want this to last and remain unchanged, just in case something mischievous was to happen at the EPO's end. As happened in the past...

The documents are publicly available via the official webpage of the Council (warning: epo.org link) and can be found using the search keyword "auditors".

The first mention of GDPR is in the 2018 audit report, CA/20/18, on page 6 of 81:

42) As of 25 May 2018, a new, uniform General Data Protection Regulation (GDPR) on data privacy will apply across the European Union (EU) to all organisations collecting and/or processing data from EU residents. 43) On July 2017, the President issued a task force with a mandate to assess the potential impact of this new EU GDPR on the EPO's current data protection guidelines. 44) It is noted that the EPO's current data protection guidelines are relatively closely in line with the new GDPR. However, an action plan is in place to address the potential impact of the GDPR on the EPO.


EPO CA-20-18 page 6 of 81

The 2019 audit report, CA/20/19, contains the following statement:
259) The new European General Data Protection Regulation (GDPR) has been in force since 25 May 2018. Even though the EU regulations do not directly apply to the EPO as an international organisation, basic principles have been implemented, as European citizens' data is processed at the EPO.


It then goes on to talk about a the implementation of a "data protection register to record all the processing operations carried out on personal data" which can be accessed by EPO employees on the EPO intranet. It is not accessible to external data subjects but external parties can make a data subject access request "thus ensuring the right to information". This is followed by a recommendation that data protection register needs to be updated and to be completed in order to ensure that all relevant information is available.

The report then states that the EPO's IT department, referred to as IM (= Information Management) is "only involved in the GDPR analysis on a high-level basis" and that IM does not prepare the necessary implementation, such as deletion concepts.

This section of the report concludes with a recommendation to include IM much more in the GDPR evaluation "to ensure that technical and organisational measures are addressed adequately. Additionally technical solutions need to be evaluated."

The 2020 audit report, CA/20/20, contains a section entitled "Analysis of implementation of GDPR requirements in the HR area" on page 7 of 89. According to this:

41. Since the Office, as an international organisation that does not fall under the EU regulations, is not subject to the General Data Privacy Regulation (hereinafter: "GDPR"), the internal "Guidelines for the protection of personal data" were developed and introduced by the Office with the latest revision in 2014. The abovementioned guidelines are very close to the requirements of the GDPR and Regulation (EU) 2018/1725 and as such are to be implemented and followed by the Office.


EPO CA-20-20 page 7 of 89

There are two short paragraphs explaining that "audit procedures were carried out in respect of the adherence of the Office to the requirements of the above-mentioned guidelines within the HR area" and that the audit "resulted in a number of recommendations", such as the need to update the Data Protection Registry and to define retention and deletion periods and actions for events such as retirement and leaving the Office.

"There hasn't actually been any independent audit of the EPO's data protection framework to determine the level of GDPR compliance."Additionally, it recommends that "the awareness of the responsibilities of controllers in terms of data protection topics should be raised, and regular training sessions should be held for the HR department, as well as for other departments working with the personal data, to inform them about critical areas in the data protection process."

From this it can be seen that the the annual reports of the Board of Auditors just parrot the party line of EPO management according to which "the EPO's current data protection guidelines are relatively closely in line with the new GDPR" (CA/20/18) and "the internal 'Guidelines for the protection of personal data' [which] were developed and introduced by the Office with the latest revision in 2014 ... are very close to the requirements of the GDPR and Regulation (EU) 2018/1725" (CA/20/20).

There hasn't actually been any independent audit of the EPO's data protection framework to determine the level of GDPR compliance.

All that we have are bald assertions of GDPR compliance by EPO management which have been rubber-stamped by the auditors without further ado.

"All that we have are bald assertions of GDPR compliance by EPO management which have been rubber-stamped by the auditors without further ado."Given that EPO management claimed at the time of adoption of the EPO's internal "Guidelines for the protection of personal data" in 2014 that they were closed aligned to the earlier EU Regulation (EC) 45/2001, it remains to be explained how these same Guidelines could now manage to be compliant with the GDPR which was not adopted by the EU until 2016 and entered into force in 2018.

Of course it's complete nonsense but as long as nobody actually goes to the trouble of carrying out an independent audit who's going to notice anything?

IRC Proceedings: Sunday, March 21, 2021 | EPO Board of Auditors is Incompetent and Patently Unfit for Purpose

Recent Techrights' Posts

EPO: Language of Conflict
A letter about this has already seen sent
Links 13/05/2024: Wikimedia Rides Hype Wave, XBox Expected to Go Through More Layoffs This Summer (July)
Links for the day
When Lunatics Attack Your Family (Especially Women)
The attacks on my wife and my mom are rather revealing. These are acts of extreme misogyny.
Linux is Released Too Often, Tested Insufficiently (Same as Chromium, Firefox, and Systemd)
Driven by schedule, not quality (objective criterion)
 
[Meme] Unconstitutional Proceedings in Foreign Languages for the Benefit of Corporations Outside Europe
Why does the UPC even exist?
Android Rises to 59% Market Share in Hungary, Windows Falls to All-Time Low
GNU/Linux in Hungary Reaches 3.5%
Approaching Our 3,000th Post (After Moving to a Static Site Generator Back in September)
the main purpose is to enable people to catch up
[Video] The Microsoft Crisis Isn't Over (More Mass Layoffs Planned)
We saw many attempts at suppressing information lately
Don’t Use Disney Minus. (Disney “Plus”)
Reprinted with permission from Ryan Farmer
Gemini Links 13/05/2024: Kingdom of the Dead and Narrative Adventure Game Gem
Links for the day
Visually Enhanced Interviews With ESR and RMS on Free Software (With French)
Nom de code - Linux
IRC Proceedings: Sunday, May 12, 2024
IRC logs for Sunday, May 12, 2024
Over at Tux Machines...
GNU/Linux news for the past day
GNU/Linux Rises to Record High in Macao
iOS and Android are very big there
Debian: Let's Pretend We Never Knew Daniel Pocock
Ad hominem is what happens when the message is hard to dispute
DPL Sam Hartman proves blackmail is alive and well in Debian
Reprinted with permission from disguised.work
What is a safe space?
Reprinted with permission from the Free Software Fellowship
Does Debian deserve an independent news service?
Reprinted with permission from disguised.work
Linux.com So Neglected If Not Abandoned That It Promotes Deals That Expired 4 Weeks Ago
Quite some "stewardship" by the Linux Foundation
The Fall of Meritocracy in Tech
nuff said
Microsoft Has Lost Malta
Android has caught up
In Asia, Baidu Has Become Bigger Than Bing and Yandex is Getting There Too
XBox and Bing are going through existential crises
"Having IBM Next to Your Name is a Scarlet Letter"
IBM staff just motivated not to work
Techrights Browsing Made Easier
a draft for discussion
Links 12/05/2024: XBox Founders Say Microsoft Lost Its Identity
Links for the day
Gemini Links 12/05/2024: Enshitification and Mind Maps
Links for the day
Aside From Red Hat Spam and Partisan Media There's a Lingering Rumour of Layoffs
Some rumour said IBM had second thoughts about a WARN notice and delayed that a bit
The Albanian open source community is very healthy indeed
Windows nosedives from 99.1% to a lot less
When I discovered people trafficking in open source software
Reprinted with permission from Daniel Pocock
Web Sites Hijacked by WIPO on Behalf of Microsoft-Sponsored SPI (and People Looking to Hide Embarrassing Facts)
debian.chat; debiancommunity.org; debian.day; debian.family; debian.finance; debian.giving; debiangnulinux.org; debian.guide; debian.news; debian.plus; debianproject.community; debianproject.org; debian.team; debian.video
Julian Assange on Privacy of People, Even Little Children
Facebook/Google (or GAFAM, an acronym I coined with Assange) knows you better than your mom knows you
[Meme] Miscomprehension of GDPR
Social control in general is a ticking timebomb
In Haiti, the Market Share of Windows Collapsed (From 97% to 27% on Desktops/Laptops)
A couple of months ago Windows was measured at 3.04%
In Most Countries It's Still Possible Not to Have a 'Smartphone' and to Pay for Nearly Everything With Cash
Withdrawing money will be possible as long as enough people use many ATMs (cash machines)
Expect Lots of Material From Daniel Pocock as Election Day Nears
The experiences of Daniel Pocock were an excellent example of reprisal or retribution against either whistleblowers or people who give a voice to whistleblowers
I've Been Promoting Free Software for Over 25 Years
I wrote my first computer program when I was about 14, maybe a little younger (I have visual memory of it)
Reminder: Richard Stallman's Talk is This Week in Paris (and in French)
Defending rms isn't the same as defending everything he has ever said
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, May 11, 2024
IRC logs for Saturday, May 11, 2024
Online Bullying (Trying to Make People Unhappy)
Narcissists and bullies behind mice and keyboards, no honesty or fact-checking required
Talk About Software Freedom
"Linux" and "BSD" may mean a lot to more and more people, but they're still just brands or acronyms
Windows in South Korea: From 98.5% in 2010 to About 30% (Android Rises to Almost 50%)
Samsung ships like a million Linux devices per day
Improving Site Navigation for Easier Discovery and Catch-ups
This site is run by code we wrote ourselves
LibrePlanet 2024 Recordings
Let's hope independent recordings by viewers can help recovery of "lost talks" (recordings)
GNU/Linux Reaches 11% Market Share in the United States Of America - an All-Time High
The United States Of America is where the operating system started (Boston) and where Linus Torvalds works (Portland)
[Meme] Being Believed, Not Censored or Defamed
Daniel Pocock, Zini, and John Sullivan (FSF)
Links 11/05/2024: XBox Crisis, Spotify Exodus Continues
Links for the day
Gemini Links 11/05/2024: Why to Delete GitHub
Links for the day
In Europe, Bing Fell Every Month This Year, Lost a Considerable Share Since "Bing Chat" and All the Chatbot Hype
Microsoft's Bing has had many layoffs lately
Links 11/05/2024: Analysis of the Microsoft Crisis and Backdoor-Looking Bugs
Links for the day
Attacking the Messenger?
Stack Overflow and LLM licencing
Microsoft Fired Loads of Staff in Kenya, Which is Another Large Country Where GNU/Linux Has Grown a Lot
Microsoft pays Kenyans only 2 dollars an hour for an IT/office job
Knowing the True History of Debian, Owing to Irish Debian Developer Daniel Pocock (Currently Running to Become Member of the European Parliament)
Irish-Australian and scapegoat of a highly dysfunctional 'Debian family'
Attacking by Credentials
Modest people do not demand fancy titles
Microsoft Windows Used to Have 99% of the OS Market in Jordan, Now It's Just 13% (Less Than iOS)
Based on the data of statCounter, GNU/Linux in Jordan climbed from 0.62% in May 2014 to nearly 5% right now
More Nations Are Reaching and Exceeding 5% Market Share for GNU/Linux, Microsoft Wants to be Bailed Out Again
Microsoft is once again reaching out to Biden for a bailout - a subject we'll cover in a video some time this weekend
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, May 10, 2024
IRC logs for Friday, May 10, 2024
[Meme] What Do You Call a Woman Who Does BDS on Free Software? Elana Hamasman.
Here are some confused thoughts
[Meme] Mission Aborted
Mission Aborted: cancel RMS
Taking Things Up a Notch
we strive/aim towards 15-25 new pages per day, i.e. around 500 per month or 6,000 per year