Milestone "GDPR-ready" Certification Claim Critiqued

By: Charles Rollet, Published on Aug 12, 2019

Milestone is touting that its latest XProtect VMS is "GDPR-ready" with a 'European Privacy Seal'.

However, our investigation raises significant concerns over the applicability and suitability of this certification. In this post, we examine Milestone's "GDPR Ready" claim, including:

  • What Milestone is claiming
  • Why the certifier has 'not been accredited'
  • How Milestone and the certifier EuroPriSe have responded
  • What part of Milestone's software is being left out of the certification
  • What improvements Milestone said they made
  • What other certifications exist, such as those Dahua and Uniview have used
  • What Genetec removed from their claim
  • What this tells us about GDPR certification schemes

Overall, this case shows clear limitations to GDPR certification, limitations that are almost never mentioned in press releases, even well over a year after the law was implemented.

Milestone *****

** **** **,********* ****** * ***** release******* **** *** ****** XProtect *** *** *** "first ***** ***** ********** software *******" ** ****** GDPR-Ready *************, *******:

**** *** ****-***** ************* from *** *********** *** recognized ********* *********,end-users *** ** ********* **** **** **** *** ***** ********** ** ***** * **** ********* ***** ************ ************. [emphasis added]

*** ************* *** * "European ******* ****" ****** by ******* ****** ****************,***** ****** *"***** ****** ******"***** *** *******.

*** ********** ****** *** carried *** ** *** "legal" *** *** "*********" expert *** *** ** the ******* ****** ************:

Not **********, ******** *** ********

*** **** *********** ***** is **** ** "********* Note" ** *********'**** ******* *********** **** ******** **** "not **** ********" ***** EuroPrise ****** *** *** been ********** "** * certification ****":

**** ** *** **** certification ******* *** ** approved, ******* *****'* **** ********** ******** *** ******** ******** on *** ********** *** be **********, ******* *** GDPR ********** ********** **** in******** *******.

********* ** *** ** the **** ********* *** transparent **** ********** (****** originally **** ****** ** the******** **********),*** **** ** ********** that ***** *** ** official **** **********, ******* IPVM:

******* **** ********, *** formal ********** ****** ** completed *** **** ***** that ** **** *****,no *** ** ** *** ******** ** ***** ** ******** **** ************* [emphasis added]

Milestone *** *** ******** *** ********* **************

***** ********* ****** ************ that *** ************* ** not ********* ********, ********* did *** ******* **** anywhere ** *** ***** release ** ******* *****. This ** ******** ** EuroPriSe's *** ****************:

Customers ** ********* *** ********** ** ******** **** ******* **** ****** *** ** ***** that have been granted [emphasis added]

Mistake - *********: "**** *** ** * *******"

** ******** ** ***** non-disclosure ** *** *************'* legal ******, ********* **** us **** *********:

*** ***** ** *** certification *** ***** ** EuroPriSe [***** **] *** we **** ********** ********** and *** ********/*********** **. This *** ** * mistake, *** ** **** investigate *** ******* *** mistakes.

**** **** ****** *** reporting ** ** **** Milestone ******** *** ********.

Milestone ****** "******** ****-***** *************"

*********'* ***** ******* ****** that "*** ************* ****** all **** ************ ** Milestone ******** *********", * point ******* ********** ** a *****:

********* ** *** ********* report, *** ********* ******* of ******** **** *********:

Long **** ** *********, ********* ****** ***

*******, *** ****** ****** showed **** ******** ******** functions **** *** ******** at ***:

  • ****** ******
  • ****** *** *** ******
  • ********** ** ***** *** metadata
  • ******** *********'* ***** *****
  • ********* *** ******
  • ********* ****** *********

*******, *** ******** ****** app ** * ***** omission - ** *** over ***,*** *********:

Plugins/Biometrics ********

******* ***** ********, ***** unlike *** ****** *** not *********, *** *** 160+ ******* ********* *********** ***********.

*** **** *** **** reasons, **'* ************** **** Milestone *** *** ******* these *******, ******* ********* should **** **** **** clear, *********, **** ***** may ***** *** ******* are **** "**** *****", which ** ********* *** the ****.

**** ** ************ ********** since**** ********* ************ ****** ***********, * biometrics ******** ******** ********* by *******'* ******* *, *.*.:

*** **** ***** ** using ********** *** *********** in*********'* ******** **** ******* guide** ****. (*** **** on ********** ***, *** our**** ******** *** ********** ********** ******.)

Milestone: **'** ******* ****** "*** ****** ********", **** *** ****** **********

***** ** ******* **** out ** *********, **** told ** **** **** GDPR ******* *** ****** service "*** ****** ********" of ********, ***** * notice ***** *** ***** plugins "**** ** ***** to *** **** ******* of *** ******* *****".

Auditor: ********* *** ****

**ö** **********, * ******** ******* used ** ********* ** certify *********, **** **** he *** *** ******** the ******* ***** ** be "**** **********":

**, *** ********, ***** not **** *** ********** that **** **** ******* from *** *** "**** components" ** *** ***** that **** *** *********** for * ****** ************ of ******** *********. ***** thesecomponents ***** ** ******** *** ******* ********* **** *** ***** ******** ******** that have to be enabled or actively selected during the installation process in order to be used. [emphasis added]

*** ******* *** ********* is **** ***** '********' components **** ****-*** *** core ** *** *******'* own ********* *********** *** marketing. *********'* ***** ******** on ***** ** **** platform *** ********* *** 3rd ******* ** *** within ********* ** ********* by ***** ******* ***** 'certified' *** **** *** disclosed.

**** *************, ******** ********** and*** ****** ** '****'** ********.

EuroPriSe: ****** ******* ** **********

********* **** **** **** "cherry ******* ** **********" when ** ***** ** their **** **************:

** ********* *** ****** shape ** *** ************* of *********’* *** ** the ********* ** *** certification ******* *** ******* that *** ****** ** evaluation ** **** ********** and ****-*********.

No ********* ******* *********

****** ********** ** * very ********* **** ** the ****, ***** ******** "******* ** ******" *** "***** ** *** ***" ********* *** ********* data ******** ** ** to ** ******* ***** or *% ** ****** revenue, ********* ** ******(******* **).

*******, ********* ****** *** not **** *********'* ********** strength. *******, ********* **** IPVM ****, ***** ** does ********* ** *** own ********, **** **** it "*****[**] *** *******" of ******* ****'* ****:

* *** **** *** been ********* ** ***** privacy / ** ******** experts ********.** ** **** *** task ** *** ********* Experts ** ***** *** results ** **** *** test *** ** ****** that *** **** ********* has ***** *********** ******** to **** **** ********** shortcomings (** ***).

** *** ********* ******, encryption ******** *** *** one ** *** **********'* four "************." ******, **** of *** ********* ********** relied ** ******* ** Milestone ********* - ******* its **** ******* ***** and ***** *************, *** underlined *****:

Improvements ****

********* *** *** **** made * ****** ** improvements ****** **** ************* process, *********:

* *** *** ******, Smart ****** <.> ********* server **********, ***** ****** ********** ****** ********** (including *** ********* *** component: *** ******** ******), and *** ** *** Channels ******* ******** ***************. A ****** ** ***** improvements **** ******* **** as *** ****** ****** certificate ******** *** *** new ****** *************/******** ********** for *** ***** ****** of *******.

Other **************

********* ** *** **** the **** ***** ************ firm ** *** **** certification. ******* ******* ****** company *******Ü* *************** **** *******, *** unlike *********, ** **** not ******* *** ****** reports ***** *** ************* nor ****** ********* **** the *****.

*******, *Ü* ********* ****** vague **** '**************' ** Dahua *** *******, *** quickly *** ******* ******* that **** ***** ***** products **** ******* "**** compliant". (*** ****, ******** ******** *** *** GDPR *********, ** ******** Can **).

Genetec ********* ********* "*** ********** ****-*****"

******* *** **** ****** its ********* "****-*****" ****** for********** ******* *********:

*******, ******* **** **** it *** ******* *********** this *** ** *********'* lack ** *************/*************. ***** we ******* *** **** the ************ ***************** *** ************* *** not ******* ****, *** following ********** *** *****:

Highlights ***** **** **** ************* *******

*** ********* ******, ** our ********, ********** * number ** ****** **** GDPR ************* *******, ******:

  • *** ** *** *** to ********* ** ************* process *** **********, *** has *** ****** *** guidance ***** **** ******** should ** **** ** judge **** *********.
  • ******* ** ****, ***** is ** "********" **** certifier, ***** ******* ********** can **** ** ***** own ******** ** ***** whether * ****** ** "GDPR *****" ** ***. This ***** ***** *** omit *********** ******** ** a ****** ** **** see *** **** ***** evaluations.
  • ***** "**** *****" ******* a ***** **** * system *** ****** ********** i.e. ******** *** ****** of * **** ******, certifiers ** *** **** to ******* ***** *** PenTests.

*******, **** ** ***** clear *********** *** ********* when ********* **** ***** GDPR ************** ** ***** releases (*** *** ********* is *******'* ******* ******.)

**********

** *** **** ******* an ************ ********* ***** for ***** ************, **'* important ** **** ** mind *** ***** *********** of **** **************. ***** true ***** ** ********* to ****** ****** *** EU ****** ******** ************* schemes *** ******** **********.

Comments (7)

"*** **** **** ****** pick ** *** ******* manufacturers?"

-- ******** ** ***** integrators

***** *********** **** ********* GDPR *****? :)

** *** ***********, ** a ******* ****, * have **** **** ****** heavily **** ****** **** are ***** **** **** use | **** | make *** ****** ** other ******. ** ******* in ****** ********* ********** that **** ** ****** against **** **** *** | **** | ****.

*** ** *** ******* things ** ** ** that **** ******* ** data ***********, ********* *** sub-processors ** *** ************* of * ******* ** opposed ** * ******* delivered ****** **** *** have **** **** ** do **** ******* ** not *** **** ******** rights *** ******* ** practice.  ** ***** ** EU ********** * ***** refer ** *****://****.******.**/****-**********/****-**********/*********-*******/*****-*************** ***** ** *** *** comment.  ** *********** ** are ********** ******** ** the ******** ********.

**'* *** *** ******* link ** **** **** the ***** ************ ****, so **** ** *** link ** *** ****** guidance*****://****.******.**/*****/****/*****/************/****************************************.***

** *********, ****** *** the *******. ***** *** guidelines *** ****** *** best ******** *** ***** right *** *** **** video ************ **********. ** actually ******* **** **** they **** ******** **** in ****, ****** **** ********** *** Video ************ ********.*** ********** *** *********** (there ** * ****** comment ******) ***** ********* 6; ** **** ****** if *** ***** ******* are ****.

** ****** *******. *'* say **** *** ***** the ******** *** *****. You **** * ****** of ****** ** *** UK, *,*, **** *** BSI **** ** ** the ****** ******,*** **** *** ** surveillance ************, ** (***********) put * ****** ** these ******** ** **** document **** *** ****** it ** * ****** old ************ ***** ** and ***** ************ **** have ******* *****,*** ******* ******* ********** | ******** ******** ***********

*** ** * ********* above, ** (***********) *** currently ********** ******** (********* in *** ** *** EU) ** **** ** provide * ******** ** the ****. ** ****** wants ** ******* *********** the ****** *** ** accessed ****.*************** — ************/* ***

********* ** ******* ** some **** *** *** spreading ****.

*** ****** ******* *** some ***** ************ *** having ***** ** **** may ***** **** ********** Milestone ******* ***** *** immune **** **** ********** using *** *******. **** is ******* *** *** case, *** ********** ** his ****** ** ***, he *** *** ******* with **** **** *** lots ** **** **** if ** **** *** systems ** *** ***** way. ******* ** *** Milestone "******* *** *******" is ********** - *** damage *** **** ****, and *** ******** ****** its ******* (**** **** Milestone).

*** *** **** ** that **** ***** ************ systems ****** ****** *** you **** ** ** able ** ******** ***** people. ** *****'* ****** matter **** *** ******* things ** *** ********* have *** ********** **** as ****. *********, ***'** using * ****** ******** to ***** ******* ** people *** *** ** identified. **** *** ** that - ***** ****** have * ***** ** get ******* **** **** database. ** ***'** ********* for ** **** ** 100s ** *******, **** task *** ** * major **** ** *** ass. ** *** **** time, *** **** ** filter *** ******** ****!!! Certified ** ***.

*** ******* ***** ** in ****** (*** ****** to *********); * ********** put **** ** *** test *** ************ *** NOT ****** **** "** was * ****** ** export *****" ** * valid ****** *** *** providing * **** ** the *******.

*****://***.********.**/*******/************-*****-*****-*****-********-********-****-**-********-*****************-*******

*** ***** *** ****** VMS *****/********* ****** ****?
