Milestone "GDPR-ready" Certification Claim Critiqued

By: Charles Rollet, Published on Aug 12, 2019

Milestone is touting that its latest XProtect VMS is "GDPR-ready" with a 'European Privacy Seal'.

However, our investigation raises significant concerns over the applicability and suitability of this. In this post, we examine Milestone's "GDPR Ready" claim, including:

  • What Milestone is claiming
  • Why the certifier has 'not been accredited'
  • How Milestone and the certifier EuroPriSe have responded
  • What part of Milestone's software is being left out of the certification
  • What improvements Milestone said they made
  • What other certifications exist, such as those Dahua and Uniview have used
  • What Genetec removed from their claim
  • What this tells us about GDPR certification schemes

Overall, this case shows clear limitations to GDPR certification, which are almost never mentioned in press releases, even well over a year after the law was implemented.

Milestone *****

** **** **,********* ****** * ***** release******* **** *** ****** XProtect *** *** *** "first ***** ***** ********** software *******" ** ****** GDPR-Ready *************, *******:

**** *** ****-***** ************* from *** *********** *** recognized ********* *********,end-users *** ** ********* **** **** **** *** ***** ********** ** ***** * **** ********* ***** ************ ************. [emphasis added]

*** ************* *** * "European ******* ****" ****** by ******* ****** ****************,***** ****** *"***** ****** ******"***** *** *******.

*** ********** ****** *** carried *** ** *** "legal" *** *** "*********" expert *** *** ** the ******* ****** ************:

Not **********, ******** *** ********

*** **** *********** ***** is **** ** "********* Note" ** *********'**** ******* *********** **** ******** **** "not **** ********" ***** EuroPrise ****** *** *** been ********** "** * certification ****":

**** ** *** **** certification ******* *** ** approved, ******* *****'* **** ********** ******** *** ******** ******** on *** ********** *** be **********, ******* *** GDPR ********** ********** **** in******** *******.

********* ** *** ** the **** ********* *** transparent **** ********** (****** originally **** ****** ** the******** **********),*** **** ** ********** that ***** *** ** official **** **********, ******* IPVM:

******* **** ********, *** formal ********** ****** ** completed *** **** ***** that ** **** *****,no *** ** ** *** ******** ** ***** ** ******** **** ************* [emphasis added]

Milestone *** *** ******** *** ********* **************

***** ********* ****** ************ that *** ************* ** not ********* ********, ********* did *** ******* **** anywhere ** *** ***** release ** ******* *****. This ** ******** ** EuroPriSe's *** ****************:

Customers ** ********* *** ********** ** ******** **** ******* **** ****** *** ** ***** that have been granted [emphasis added]

Mistake - *********: "**** *** ** * *******"

** ******** ** ***** non-disclosure ** *** *************'* legal ******, ********* **** us **** *********:

*** ***** ** *** certification *** ***** ** EuroPriSe [***** **] *** we **** ********** ********** and *** ********/*********** **. This *** ** * mistake, *** ** **** investigate *** ******* *** mistakes.

**** **** ****** *** reporting ** ** **** Milestone ******** *** ********.

Milestone ****** "******** ****-***** *************"

*********'* ***** ******* ****** that "*** ************* ****** all **** ************ ** Milestone ******** *********", * point ******* ********** ** a *****:

********* ** *** ********* report, *** ********* ******* of ******** **** *********:

Long **** ** *********, ********* ****** ***

*******, *** ****** ****** showed **** ******** ******** functions **** *** ******** at ***:

  • ****** ******
  • ****** *** *** ******
  • ********** ** ***** *** metadata
  • ******** *********'* ***** *****
  • ********* *** ******
  • ********* ****** *********

*******, *** ******** ****** app ** * ***** omission - ** *** over ***,*** *********:

Plugins/Biometrics ********

******* ***** ********, ***** unlike *** ****** *** not *********, *** *** 160+ ******* ********* *********** ***********.

*** **** *** **** reasons, **'* ************** **** Milestone *** *** ******* these *******, ******* ********* should **** **** **** clear, *********, **** ***** may ***** *** ******* are **** "**** *****", which ** ********* *** the ****.

**** ** ************ ********** since**** ********* ************ ****** ***********, * biometrics ******** ******** ********* by *******'* ******* *, *.*.:

*** **** ***** ** using ********** *** *********** in*********'* ******** **** ******* guide** ****. (*** **** on ********** ***, *** our**** ******** *** ********** ********** ******.)

Milestone: **'** ******* ****** "*** ****** ********", **** *** ****** **********

***** ** ******* **** out ** *********, **** told ** **** **** GDPR ******* *** ****** service "*** ****** ********" of ********, ***** * notice ***** *** ***** plugins "**** ** ***** to *** **** ******* of *** ******* *****".

Auditor: ********* *** ****

**ö** **********, * ******** ******* used ** ********* ** certify *********, **** **** he *** *** ******** the ******* ***** ** be "**** **********":

**, *** ********, ***** not **** *** ********** that **** **** ******* from *** *** "**** components" ** *** ***** that **** *** *********** for * ****** ************ of ******** *********. ***** thesecomponents ***** ** ******** *** ******* ********* **** *** ***** ******** ******** that have to be enabled or actively selected during the installation process in order to be used. [emphasis added]

*** ******* *** ********* is **** ***** '********' components **** ****-*** *** core ** *** *******'* own ********* *********** *** marketing. *********'* ***** ******** on ***** ** **** platform *** ********* *** 3rd ******* ** *** within ********* ** ********* by ***** ******* ***** 'certified' *** **** *** disclosed.

**** *************, ******** ********** and*** ****** ** '****'** ********.

EuroPriSe: ****** ******* ** **********

********* **** **** **** "cherry ******* ** **********" when ** ***** ** their **** **************:

** ********* *** ****** shape ** *** ************* of *********’* *** ** the ********* ** *** certification ******* *** ******* that *** ****** ** evaluation ** **** ********** and ****-*********.

No ********* ******* *********

****** ********** ** * very ********* **** ** the ****, ***** ******** "******* ** ******" *** "***** ** *** ***" ********* *** ********* data ******** ** ** to ** ******* ***** or *% ** ****** revenue, ********* ** ******(******* **).

*******, ********* ****** *** not **** *********'* ********** strength. *******, ********* **** IPVM ****, ***** ** does ********* ** *** own ********, **** **** it "*****[**] *** *******" of ******* ****'* ****:

* *** **** *** been ********* ** ***** privacy / ** ******** experts ********.** ** **** *** task ** *** ********* Experts ** ***** *** results ** **** *** test *** ** ****** that *** **** ********* has ***** *********** ******** to **** **** ********** shortcomings (** ***).

** *** ********* ******, encryption ******** *** *** one ** *** **********'* four "************." ******, **** of *** ********* ********** relied ** ******* ** Milestone ********* - ******* its **** ******* ***** and ***** *************, *** underlined *****:

Improvements ****

********* *** *** **** made * ****** ** improvements ****** **** ************* process, *********:

* *** *** ******, Smart ****** <.> ********* server **********, ***** ****** ********** ****** ********** (including *** ********* *** component: *** ******** ******), and *** ** *** Channels ******* ******** ***************. A ****** ** ***** improvements **** ******* **** as *** ****** ****** certificate ******** *** *** new ****** *************/******** ********** for *** ***** ****** of *******.

Other **************

********* ** *** **** the **** ***** ************ firm ** *** **** certification. ******* ******* ****** company *******Ü* *************** **** *******, *** unlike *********, ** **** not ******* *** ****** reports ***** *** ************* nor ****** ********* **** the *****.

*******, *Ü* ********* ****** vague **** '**************' ** Dahua *** *******, *** quickly *** ******* ******* that **** ***** ***** products **** ******* "**** compliant". (*** ****, ******** ******** *** *** GDPR *********, ** ******** Can **).

Genetec ********* ********* "*** ********** ****-*****"

******* *** **** ****** its ********* "****-*****" ****** for********** ******* *********:

*******, ******* **** **** it *** ******* *********** this *** ** *********'* lack ** *************/*************. ***** we ******* *** **** the ************ ***************** *** ************* *** not ******* ****, *** following ********** *** *****:

Highlights ***** **** **** ************* *******

*** ********* ******, ** our ********, ********** * number ** ****** **** GDPR ************* *******, ******:

  • *** ** *** *** to ********* ** ************* process *** **********, *** has *** ****** *** guidance ***** **** ******** should ** **** ** judge **** *********.
  • ******* ** ****, ***** is ** "********" **** certifier, ***** ******* ********** can **** ** ***** own ******** ** ***** whether * ****** ** "GDPR *****" ** ***. This ***** ***** *** omit *********** ******** ** a ****** ** **** see *** **** ***** evaluations.
  • ***** "**** *****" ******* a ***** **** * system *** ****** ********** i.e. ******** *** ****** of * **** ******, certifiers ** *** **** to ******* ***** *** PenTests.

*******, **** ** ***** clear *********** *** ********* when ********* **** ***** GDPR ************** ** ***** releases (*** *** ********* is *******'* ******* ******.)

**********

** *** **** ******* an ************ ********* ***** for ***** ************, **'* important ** **** ** mind *** ***** *********** of **** **************. ***** true ***** ** ********* to ****** ****** *** EU ****** ******** ************* schemes *** ******** **********.

Comments (13)

"*** **** **** ****** pick ** *** ******* manufacturers?"

-- ******** ** ***** integrators

***** *********** **** ********* GDPR *****? :)

** *** ***********, ** a ******* ****, * have **** **** ****** heavily **** ****** **** are ***** **** **** use | **** | make *** ****** ** other ******. ** ******* in ****** ********* ********** that **** ** ****** against **** **** *** | **** | ****.

*** ** *** ******* things ** ** ** that **** ******* ** data ***********, ********* *** sub-processors ** *** ************* of * ******* ** opposed ** * ******* delivered ****** **** *** have **** **** ** do **** ******* ** not *** **** ******** rights *** ******* ** practice.  ** ***** ** EU ********** * ***** refer ** *****://****.******.**/****-**********/****-**********/*********-*******/*****-*************** ***** ** *** *** comment.  ** *********** ** are ********** ******** ** the ******** ********.

**'* *** *** ******* link ** **** **** the ***** ************ ****, so **** ** *** link ** *** ****** guidance*****://****.******.**/*****/****/*****/************/****************************************.***

** *********, ****** *** the *******. ***** *** guidelines *** ****** *** best ******** *** ***** right *** *** **** video ************ **********. ** actually ******* **** **** they **** ******** **** in ****, ****** **** ********** *** Video ************ ********.*** ********** *** *********** (there ** * ****** comment ******) ***** ********* 6; ** **** ****** if *** ***** ******* are ****.

** ****** *******. *'* say **** *** ***** the ******** *** *****. You **** * ****** of ****** ** *** UK, *,*, **** *** BSI **** ** ** the ****** ******,*** **** *** ** surveillance ************, ** (***********) put * ****** ** these ******** ** **** document **** *** ****** it ** * ****** old ************ ***** ** and ***** ************ **** have ******* *****,*** ******* ******* ********** | ******** ******** ***********

*** ** * ********* above, ** (***********) *** currently ********** ******** (********* in *** ** *** EU) ** **** ** provide * ******** ** the ****. ** ****** wants ** ******* *********** the ****** *** ** accessed ****.*************** — ************/* ***

** *******, ** *** conducting ******** ** **** at *********** *** *** response *** * ******** if * ***** *** a **** **** ** try ** ****** *** input *** * ******** to *** ****. ****** that ************ *** ***-** for ********.

****, ** *****.

******, ****** ** ** a *** **********.**** ** *** ****.

**** *** ** ** IAPP **** *** *** Portuguese ********** **** **** effect. *** ********* *** included ** *** ***** for ***** ************ ***** the **********:

***** ************ ** ********** to *** **** ** protect ****** *** ******, which ** ** **** with *** ****’* ******** in ******** ** ***** surveillance. *** *** *********** the ******* ****** ****** public *****, ******** ** areas ******** ** *******, users ** *******, **** as *********, ******* ***** and ******** *****, *** can ** ***** ** ATMs ** **** * manner **** ** ******** the ********.

********* ** ******* ** some **** *** *** spreading ****.

*** ****** ******* *** some ***** ************ *** having ***** ** **** may ***** **** ********** Milestone ******* ***** *** immune **** **** ********** using *** *******. **** is ******* *** *** case, *** ********** ** his ****** ** ***, he *** *** ******* with **** **** *** lots ** **** **** if ** **** *** systems ** *** ***** way. ******* ** *** Milestone "******* *** *******" is ********** - *** damage *** **** ****, and *** ******** ****** its ******* (**** **** Milestone).

*** *** **** ** that **** ***** ************ systems ****** ****** *** you **** ** ** able ** ******** ***** people. ** *****'* ****** matter **** *** ******* things ** *** ********* have *** ********** **** as ****. *********, ***'** using * ****** ******** to ***** ******* ** people *** *** ** identified. **** *** ** that - ***** ****** have * ***** ** get ******* **** **** database. ** ***'** ********* for ** **** ** 100s ** *******, **** task *** ** * major **** ** *** ass. ** *** **** time, *** **** ** filter *** ******** ****!!! Certified ** ***.

*** ******* ***** ** in ****** (*** ****** to *********); * ********** put **** ** *** test *** ************ *** NOT ****** **** "** was * ****** ** export *****" ** * valid ****** *** *** providing * **** ** the *******.

*****://***.********.**/*******/************-*****-*****-*****-********-********-****-**-********-*****************-*******

*** ***** *** ****** VMS *****/********* ****** ****?

** * ****** ** here. **** **** ******* was ****** * **** a ******* (**) ****** request ** ********** ****/******* point ** *******. * did *** * ******* acknowledgement *** ** ******* response. * **** ****** it ** **** ***. Clock *** *** ****** 2 ******. ** *** all *** **** ******** what ******* ** *********** privacy, *** ** *** not ****.

***, ****** *** *******! I ********* **** ******* to ********* ****** **** to ****** *** *******.
