Dahua Products Are Not GDPR Compliant, No Products Can Be

By: Charles Rollet, Published on May 29, 2018

Dahua products are neither GDPR-compliant nor certified, contrary to their marketing.

*** ****** ** **** no ******** *** **, as *** ** **** not '*******' *** ******* products ** '*********'.

** **** ****, ***** on *** **+ **** **** *** Video ************ *****, ** ******* **** Dahua ** ***** ****, why ** ** ********** and *** ***** *** other ************* *** ****** support ****.

Announcement *** *****

*** *** ****** *** GDPR’s ******** ************** **** on *** **,***** ************* *** ** ******* and ***** ******** **** DVRs **** “*********” ** “comply **** *** ****” by*Ü* *********.  ***** ******* **** ********* who *** ***** “********* ** ********” ***** now “**** **** ******** [sic]."

Who ** ‘**********’ *****? 

*Ü* ** * *******, ***-****** company ** ******* **** provides *****-***** ************** *** inspections ** ***** **********. It ** *** **** of *** ** ********** or *** **** *********** mechanism. *Ü* *** ************ ****** ** China ** ******* *** revenues (**** ***** ***** media: *** ********* ***** ****** at ***** ******.)

***** ***** ******* ** was *** “***** ** global ***** ************ ********” to ******* **** ************* from*Ü*, ****** ******* ************ ************ Uniview **** ******* ***** * *** before ***** **** *** **** ******* TÜV.

'Derived ****' ****, *** ****

*Ü* ********* ****** **** *** ******* ************* schemes*** ******* **** *** EU ****,” ****** **** claiming **** ******* ****** proof ** **********, ** they ******.

GDPR *** *************

***** *** **** ********** certification ** *** ******* **, ** **** *** include *** ************ **** products ** ********* *** establish *** ****** ********** mechanisms. ************, ************* ** ***** for **** *********** *** processors ** **** "******* and *********** ***********" ********* "*********** safeguards" - ** ** not ***** *** ********.

******* **’* ******* * states **** *** ************* schemes **** ** “********* *** ********* *** a ******* **** ** transparent”. *******, *****’****** ******* [**** ** longer *********]** ******* ***** ** any ******* ***** ******* how ** ******** ************* plus ** *** **** minimal ******* **** *Ü* itself ** *** ******* and TÜV *** *** ********* to *** ******** ******** for ******* ** ****.

No ****** ** ***** ************** 

******** *Ü*'* ************* *** ******* ********* ***** no ***** ****** *** do *** ****** * firm’s ********* ** **** something **** ***** ********* **’* ******* *********:

 

False ***** ** ********

** ********* *** ******** GDPR *********, ***** ***** mislead ******* **** ******** they *** ********* ******* the ****’* *********** **** fines. 

*** **** ********* ***** ** ** to *% ** ****** revenue*** ********** ***** ** ***** to **** ******** *** rules. ** ********* ** IPVM’s**** *****, ***** ***** *** not ********* ********* *** broader ********** **** ********* authorities **** *****’* * breach ** ********* ****** with ***** ******** **** if *********. 

*** ***** *******, **’* not ******** *** * camera ** ** ‘****-*********.’ There *** ****** ** criteria ** ******** ****** to ********* ****. **** is ****** *** ***** reveals ****** ** ******* on ******* *** ***** products *** ****-********* ** the ***** *****.

Other ************ ******

***** ***’* *** **** firm ******* *****-***** **************. For *******,******* ********* **** **** that *** ***** ******* software ** “*********” ** “****-*****” b** ******* *** **** cautious ** *** ******, limiting ** ** * specific **** ******* ******* while ******** *** ***** ** *** ******** [**** no ****** *********], ****** *****,**** *** ******** **** “certified ** ****** **** the ****”.

***, ** ********* *****, Uniview ******** *********** *** same ***** ******* **** the **** ******* * day ******.

*******, ***** ** * reason ************* *** ** keen ** ******* ***** certifications. **’* ***** ********* and ********** *******, *** actual ********** **** *** GDPR ******.

What ** **** *** ** ******** ***** ****

******* ** ******** ** ‘certifying’ ******* *****, ** best *** ** ****** you *** ********* **** the **** ** ** ask * *** ***** questions **** **:

  • **** *** ******* ******* cybersecurity **** ********* *** encryption ******** ** ****** personal **** ******** *** avoided? (*** **** ********** ******* ****** ******’* ******** data ***’* ***********. ***** has * ******* ******* *****, ********* *** ** recently ****** *********, ***** * ******** allowing ****** ************ ***** access *** *********** *** ****** *******.)
  • ** *** ******* **** be ********* ***** ******* of ****** ***************, **** it **** **** ********/******* technology ************? (*** **** ********** “****************”** ***** ********** ** best ****** *******’ *******. This ********** ** *** a ****** ******* ** Dahua *******.)
  • ** **** ** * personal **** ******, ** there * ****** ** inform *********** *** ******* as **** ** ******** informed? (**** ********** **** inform ******* “******* ***** *****” ***** ******** ***** of * ******** **** breach. ***** ********** ************* ************ ******** *****.)
  • ** ***** * ********** public ******** **** ****** recognition ** ***** ********* techniques *** ***** ****? (Biometric ************* ********** **** * few ********* **********.***** ** **** ******* ** ****** recognition*** ************* **** * *** reporter ******* ******* * Chinese **** ** * minutes ** * *************.)

*********** *** *** ***** should ****** ********* **** they ******* **** ******* to *** ********* *****. It does *** ****** ** these *** “****-*********” ** someone.

 

Update, *** **:***** **** **** *** published, **** ***** *** following **** ** ********* that ***** *** ****, certification ** ******** *** **** *********** and ********** ****** **** actual ********:

"************, ************* ** ***** for **** *********** *** processors ** **** '******* and *********** ***********' ********* 'appropriate **********' - ** is *** ***** *** products."

 

******, *** **:*********** *** ** ***** blast ** *********** ******** ** ***** the "*****" ** ** certified ** *Ü* ** its *****.

Comments (17)

Great read. Not just from a Dahua perspective but with relation to GDPR in general. It's not just what you buy, it's how you deploy it. 

I've checked my emails but don't seem to have received IPVM's updated T&C's for my acceptance, that are required by GDPR. Could it be that IPVM are now contravening the GDPR? Surely not.....

On a practical note, the whole thrust of how GDPR affects CCTV is in regards to the protection of the data stored and the justification for gathering it and retaining it.

I'm sick of idiots claiming their equipment is GDPR compliant. My ashtray is compliant....so what? It's all about data, not about hardware.

 

GDPR does not actually state that emails should be sent out with revised T&Cs. All it has done is drive a massive amount of additional 'almost spam' notification emails. Companies should have thought about this more carefully placing notices on websites confirming acceptance rather than cramming the Internet!

That is only correct where the existing T&Cs relating to the use of personal data are already 100% GDPR compliant. In the vast majority of cases, this has required changes to be made - hence the ridiculous amount of emails. In fairness GDPR has been on the way for many years so the last minute dash had been entirely unnecessary. It still leaves the question as to whether IPVM are ahead of the game or behind - only a bedtime read of the T&Cs will confirm this - or of course, Jon could confirm?

 

Who assesses if the GDPR is 100% compliant? The point I am making is that everyone has had over two years to get their act together. Yes, there is significant scaremongering, however, the plethora of emails requesting acknowledgement is ridiculous. In most cases I delete them as I know who I want to be registered with and unsubscribe if I do not. Simple as that. Let us all stop these bloody GDPR emails. Please.

Can't agree anymore. The number of emails flying in is simply ridiculous. The scaremongering with massive fines has definitely put the 'fear of god' into many DPOs in the various organisations. When it comes to CCTV I am looking at this as GDPR 1.0 and I would imagine that GDPR 2.0 would not be far away after a few court cases go horribly wrong for example.

It's worrying though as we have been asked are your products GDPR compliant yes or no many times. It shows that there is a lot left to do when it comes to educating the market.

It seems like every time these regulatory requirements come up there is a company willing to cash in on a false certification.

Agreed, they're banking on customers taking their word for it, rather than doing the kind of research we can be glad IPVM does.

It's like they're willing to lie to get in the door to sell their products, without any thought to what the backlash may be if the same customer finds out they aren't compliant after spending all of that money.

 

Our experience with Dahua is that they are highly incompetent. I am not excusing what they did with this press release but that's certainly a factor that they don't understand technical details or consider nuances in marketing, etc. 

When you look at TUV's marketing, it is pretty clear TUV understands that they cannot directly claim GDPR compliance or certification, so they use qualifications like 'derived from'. By contrast, Dahua misses it. My best guess is it is a combination of incompetence and willful ignorance.

Our experience with Dahua is that they are highly incompetent. I am not excusing what they did with this press release but that's certainly a factor...

Only with Dahua could calling a company “highly incompetent” be confused with making an excuse for them ;)

Black image from the camera should be GDPR compliant, no?

Genetec was more cautious in its claims, limiting it to a specific GDPR related feature while avoiding the claim in its headline, contra Dahua, that its products were “certified to comply with the GDPR”.

Still Genetec does make the compliance claim,

Additionally, this re-certification comes with the special distinction that the Privacy Protector software is 'GDPR-ready', meeting the highest certifiable compliance with the European Union (EU) privacy standards," added Meissner.

For a software or hardware product to obtain the 'GDPR-ready' European Privacy Seal, the source code is tested to ensure that there are no vulnerabilities that can be exploited or hacked to suspend privacy protection (destructive anonymization), assuring that product conformity with the GDPR is verified. It is crucial that the examination is conducted by an independent and impartial institution, and that all criteria are made public. The EuroPriSe seal is valid for two years and must be re-awarded after its expiration. This assures that the product always complies with the latest EU privacy laws and policies.

Minimizing Genetec’s culpability because they didn’t put it in the headline doesn’t seem to square with 

The reason is that no products can be, as the EU does not 'certify' nor endorse products as 'compliant'.

In any event, do you think that they purposefully avoided putting the claim in the headline for that reason?

 

Putting something in a headline is far more powerful than putting it midway through the body, simply because headlines get read 10x or more than sentences in the middle of an announcement.

Let's try another scenario. Dahua does not issue this press release but an RSM tells you personally at an ADI counter that they are GDPR compliant. Both are wrong but clearly this latter scenario is far less serious / misleading than being the title of a marketing campaign.

Putting something in a headline is far more powerful...

Agreed, more powerful.  Both were official corporate communications however.  Also, I don’t think that Genetec didn’t put it in the headline to be less misleading.

In any case, unless Genetec and Dahua, et al are to retract their compliance claims, there is simply no excuse for them to continue to dissemble.  

 

Catch 22

GDPR still needs work to be CCTV specific

If you request your image, other people in frame are supposed to be masked out

The courts would view that as being able to tamper with evidence

A funny vote is not enough for this one!
