Arcules CEO has retracted a false claim about his organization being a "fully compliant GDPR company" after IPVM reporting (Arcules CEO Threatens Over "Security Breach") raised this concern.
False GDPR claims are an ongoing problem as technology companies try to gain unfair competitive advantages by deceiving about their EU government GDPR conformance.
In this note, we examine the issue with Arcules and problems with other surveillance companies including major industry participants Milestone and Dahua.
*** *********** *** ***** **** **** it **** ** ****. **** ** said ***:
*********'* ******** ********* ******* ********* ** pending ******** ******** ** ******* **(*) GDPR *** ********* **** ***not **** ********** as a certification body pursuant to Article 43 GDPR yet. EuroPriSe is dedicated to receiving the approval of its certification criteria and the accreditation as a certification body in accordance with Art. 42 f. GDPR asap. [emphasis added]
Even if there was a GDPR certification body in the EU, it probably wouldn't be able to certify a VMS as there are several conditions outside the software that needs to be met, and the actual use of the VMS might be in violation of GDPR regardless of how the VMS is designed and what features it offers.
I think the GDPR lies are an attempt to calm down existing and potential customers who are worried that installing a VMS will cause GDPR related issues, and - perhaps even more importantly - seed the (wrong) idea that companies who do not lie about this are not "GDPR compliant" and therefore should be avoided. It's a shameful way to conduct business, but I guess everything goes.
The truth is that most likely they will not be compliant either way and they will be exposing themselves to fines and a lot of work if GDPR eventually gets enforced on CCTV systems - regardless of what system they buy. Which makes me wonder if the lies make the companies liable for any GDPR related losses that a customer might experience? (I'm sure there's a no-responsibility clause in the EULA).
It might be that the EU eventually issues a set of guidelines that makes CCTV usable without causing the headaches we're seeing with the current rules. Currently, though, such exceptions do not exists, which means that a EU citizen can walk into a store and demand copies of every instance where they were captured on video (as video is considered personally identifiable data) which would also entail removing every other person in the video. I don't think the lawmakers didn't think of CCTV when they made it.
seed the (wrong) idea that companies who do not lie about this are not "GDPR compliant" and therefore should be avoided. It's a shameful way to conduct business, but I guess everything goes.
Morten, I recognize you are self-declared pessimist but... The point of us calling these things out is to help balance that risk out and disincentive companies from making such false claims.
Never forget - I am also a staunch misanthrope. I considered a new life as a kind of Diogenes of IP Video, but my wife objected to me living in a barrel.
Agree
Disagree
Informative
Unhelpful
Funny: 3
Create New Topic
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Comments (3)
Morten Tor Nielsen
12/04/19 09:43am
Even if there was a GDPR certification body in the EU, it probably wouldn't be able to certify a VMS as there are several conditions outside the software that needs to be met, and the actual use of the VMS might be in violation of GDPR regardless of how the VMS is designed and what features it offers.
I think the GDPR lies are an attempt to calm down existing and potential customers who are worried that installing a VMS will cause GDPR related issues, and - perhaps even more importantly - seed the (wrong) idea that companies who do not lie about this are not "GDPR compliant" and therefore should be avoided. It's a shameful way to conduct business, but I guess everything goes.
The truth is that most likely they will not be compliant either way and they will be exposing themselves to fines and a lot of work if GDPR eventually gets enforced on CCTV systems - regardless of what system they buy. Which makes me wonder if the lies make the companies liable for any GDPR related losses that a customer might experience? (I'm sure there's a no-responsibility clause in the EULA).
It might be that the EU eventually issues a set of guidelines that makes CCTV usable without causing the headaches we're seeing with the current rules. Currently, though, such exceptions do not exists, which means that a EU citizen can walk into a store and demand copies of every instance where they were captured on video (as video is considered personally identifiable data) which would also entail removing every other person in the video. I don't think the lawmakers didn't think of CCTV when they made it.
Create New Topic