European Patent Organisation recognized under GDPR for adequate data protection
The European Patent Organisation (EPO) is set to become the first international organization to receive an adequacy decision from the European Commission. This decision will confirm that the EPO provides a level of personal data protection equivalent to that of the European Union. Adequacy decisions are an important part of EU data protection law, allowing personal data to be transferred freely from the EU to third countries or organizations that meet the required standards.
The European Data Protection Board (EDPB) has expressed support for the Commission’s initiative to recognize the EPO’s data protection framework. EDPB Chair Anu Talus highlighted that this decision reflects the ability of international organizations to ensure data protection standards under Article 45 of the GDPR. The EDPB also emphasized the importance of continuous dialogue between the Commission and international organizations to expand this category of adequacy decisions.
The EDPB’s opinion noted that the EPO’s data protection rules are largely consistent with the EU’s framework, including key data protection principles and rights. This alignment demonstrates that GDPR transfer provisions can be effectively applied to international organizations, respecting their unique legal status while ensuring personal data is protected.
Once formally adopted, this adequacy decision will facilitate secure data flows from the EU to the EPO. It sets a precedent for other international organizations seeking recognition under EU data protection standards, supporting the safe and lawful transfer of personal data beyond the EU’s borders.
