Milestone "GDPR-ready" Certification Claim Critiqued

Published Aug 12, 2019 12:09 PM

Milestone is touting that its latest XProtect VMS is "GDPR-ready" with a 'European Privacy Seal'.

IPVM Image

However, our investigation raises significant concerns over the applicability and suitability of this. In this post, we examine Milestone's "GDPR Ready" claim, including:

  • What Milestone is claiming
  • Why the certifier has 'not been accredited'
  • How Milestone and the certifier EuroPriSe has responded
  • What part of Milestone's software is being left out of the certification
  • What improvements Milestone said they made
  • What other certifications exist, such as Dahua and Uniview have used
  • What Genetec removed from their claim
  • What this tells us about GDPR certification schemes

Overall, this case shows clear limitations to GDPR certification - that is almost never mentioned in press releases- even well over a year after the law was implemented.

Milestone *****

** **** **,********* ****** * ***** ************** **** *** ****** ******** *** was *** "***** ***** ***** ********** software *******" ** ****** ****-***** *************, writing:

**** *** ****-***** ************* **** *** independent *** ********** ********* *********,end-users *** ** ********* **** **** **** *** ***** ********** ** ***** * **** ********* ***** ************ ************. [emphasis added]

*** ************* *** * "******** ******* Seal" ****** ** ******* ****** ****************,***** ****** *"***** ****** ******"***** *** *******.

IPVM Image

*** ********** ****** *** ******* *** by *** "*****" *** *** "*********" expert *** *** ** *** ******* German ************:

IPVM Image

Not **********, ******** *** ********

*** **** *********** ***** ** **** an "********* ****" ** *********'**** ******* *********** **** ******** **** "*** **** approved" ***** ********* ****** *** *** been ********** "** * ************* ****":

IPVM Image

**** ** *** **** ************* ******* are ** ********, ******* *****'* **** ********** ******** *** ******** ******** ** *** certifiers *** ** **********, ******* *** GDPR ********** ********** **** ********** *******.

********* ** *** ** *** **** respected *** *********** **** ********** (****** originally **** ****** ** *********** **********),*** **** ** ********** **** ***** are ** ******** **** **********, ******* IPVM:

******* **** ********, *** ****** ********** cannot ** ********* *** **** ***** that ** **** *****,no *** ** ** *** ******** ** ***** ** ******** **** ************* [emphasis added]

Milestone *** *** ******** *** ********* **************

***** ********* ****** ************ **** *** certification ** *** ********* ********, ********* did *** ******* **** ******** ** its ***** ******* ** ******* *****. This ** ******** ** *********'* *** explicit********:

Customers ** ********* *** ********** ** ******** **** ******* **** ****** *** ** ***** that have been granted [emphasis added]

Mistake - *********: "**** *** ** * *******"

** ******** ** ***** ***-********** ** the *************'* ***** ******, ********* **** us **** *********:

*** ***** ** *** ************* *** given ** ********* [***** **] *** we **** ********** ********** *** *** repeated/interpreted **. **** *** ** * mistake, *** ** **** *********** *** correct *** ********.

**** **** ****** *** ********* ** or **** ********* ******** *** ********.

Milestone ****** "******** ****-***** *************"

*********'* ***** ******* ****** **** "*** certification ****** *** **** ************ ** Milestone ******** *********", * ***** ******* emphasized ** * *****:

IPVM Image

********* ** *** ********* ******, *** following ******* ** ******** **** *********:

IPVM Image

Long **** ** *********, ********* ****** ***

*******, *** ****** ****** ****** **** numerous ******** ********* **** *** ******** at ***:

  • ****** ******
  • ****** *** *** ******
  • ********** ** ***** *** ********
  • ******** *********'* ***** *****
  • ********* *** ******
  • ********* ****** *********

*******, *** ******** ****** *** ** a ***** ******** - ** *** over ***,*** *********:

IPVM Image

Plugins/Biometrics ********

******* ***** ********, ***** ****** *** others *** *** *********, *** *** 160+ ******* ********* *********** ***********.

*** **** *** **** *******, **'* understandable **** ********* *** *** ******* these *******, ******* ********* ****** **** been **** *****, *********, **** ***** may ***** *** ******* *** **** "GDPR *****", ***** ** ********* *** the ****.

**** ** ************ ********** ********* ********* ************ ****** ***********, * ********** ******** strictly ********* ** *******'* ******* *, *.*.:

IPVM Image

*** **** ***** ** ***** ********** are *********** ***********'* ******** **** ******* ******* ****. (*** **** ** ********** use, *** ******* ******** *** ********** ********** ******.)

Milestone: **'** ******* ****** "*** ****** ********", **** *** ****** **********

***** ** ******* **** *** ** Milestone, **** **** ** **** **** GDPR ******* *** ****** ******* "*** future ********" ** ********, ***** * notice ***** *** ***** ******* "**** be ***** ** *** **** ******* of *** ******* *****".

Auditor: ********* *** ****

**ö** **********, * ******** ******* **** ** EuroPriSe ** ******* *********, **** **** he *** *** ******** *** ******* parts ** ** "**** **********":

**, *** ********, ***** *** **** the ********** **** **** **** ******* from *** *** "**** **********" ** the ***** **** **** *** *********** for * ****** ************ ** ******** Corporate. ***** *****components ***** ** ******** *** ******* ********* **** *** ***** ******** ******** that have to be enabled or actively selected during the installation process in order to be used. [emphasis added]

*** ******* *** ********* ** **** these '********' ********** **** ****-*** *** core ** *** *******'* *** ********* positioning *** *********. *********'* ***** ******** on ***** ** **** ******** *** community *** *** ******* ** *** within ********* ** ********* ** ***** neither ***** '*********' *** **** *** disclosed.

**** *************, ******** ********** ****** ****** ** '****'** ********.

EuroPriSe: ****** ******* ** **********

********* **** **** **** "****** ******* is **********" **** ** ***** ** their **** **************:

** ********* *** ****** ***** ** the ************* ** *********’* *** ** the ********* ** *** ************* ******* and ******* **** *** ****** ** evaluation ** **** ********** *** ****-*********.

No ********* ******* *********

****** ********** ** * **** ********* part ** *** ****, ***** ******** "******* ** ******" *** "***** ** *** ***" ********* *** ********* **** ******** by ** ** ** ******* ***** or *% ** ****** *******, ********* is ******(******* **).

*******, ********* ****** *** *** **** Milestone's ********** ********. *******, ********* **** IPVM ****, ***** ** **** ********* do *** *** ********, **** **** it "*****[**] *** *******" ** ******* firm's ****:

* *** **** *** **** ********* by ***** ******* / ** ******** experts ********.** ** **** *** **** ** the ********* ******* ** ***** *** results ** **** *** **** *** to ****** **** *** **** ********* has ***** *********** ******** ** **** with ********** ************ (** ***).

** *** ********* ******, ********** ******** was *** *** ** *** **********'* four "************." ******, **** ** *** EuroPriSe ********** ****** ** ******* ** Milestone ********* - ******* *** **** Privacy ***** *** ***** *************, *** underlined *****:

IPVM Image

Improvements ****

********* *** *** **** **** * number ** ************ ****** **** ************* process, *********:

* *** *** ******, ***** ****** <.> ********* ****** **********, ***** ****** ********** ****** ********** (********* *** important *** *********: *** ******** ******), and *** ** *** ******** ******* channels ***************. * ****** ** ***** improvements **** ******* **** ** *** Mobile ****** *********** ******** *** *** new ****** *************/******** ********** *** *** first ****** ** *******.

Other **************

********* ** *** **** *** **** video ************ **** ** *** **** certification. ******* ******* ****** ******* *******Ü* *************** **** *******, *** ****** *********, it **** *** ******* *** ****** reports ***** *** ************* *** ****** questions **** *** *****.

*******, *Ü* ********* ****** ***** **** 'certifications' ** ***** *** *******, *** quickly *** ******* ******* **** **** meant ***** ******** **** ******* "**** compliant". (*** ****, ******** ******** *** *** **** *********, No ******** *** **).

Genetec ********* ********* "*** ********** ****-*****"

******* *** **** ****** *** ********* "GDPR-Ready" ****** ************* ******* *********:

IPVM Image

*******, ******* **** **** ** *** stopped *********** **** *** ** *********'* lack ** *************/*************. ***** ** ******* out **** *** ************ ***************** *** ************* *** *** ******* this, *** ********* ********** *** *****:

IPVM Image

Highlights ***** **** **** ************* *******

*** ********* ******, ** *** ********, highlights * ****** ** ****** **** GDPR ************* *******, ******:

  • *** ** *** *** ** ********* an ************* ******* *** **********, *** has *** ****** *** ******** ***** what ******** ****** ** **** ** judge **** *********.
  • ******* ** ****, ***** ** ** "official" **** *********, ***** ******* ********** can **** ** ***** *** ******** to ***** ******* * ****** ** "GDPR *****" ** ***. **** ***** firms *** **** *********** ******** ** a ****** ** **** *** *** when ***** ***********.
  • ***** "**** *****" ******* * ***** that * ****** *** ****** ********** i.e. ******** *** ****** ** * data ******, ********** ** *** **** to ******* ***** *** ********.

*******, **** ** ***** ***** *********** are ********* **** ********* **** ***** GDPR ************** ** ***** ******** (*** one ********* ** *******'* ******* ******.)

**********

** *** **** ******* ** ************ important ***** *** ***** ************, **'* important ** **** ** **** *** clear *********** ** **** **************. ***** true ***** ** ********* ** ****** before *** ** ****** ******** ************* schemes *** ******** **********.

Comments (13)
UI
Undisclosed Integrator #1
Aug 12, 2019

"*** **** **** ****** **** ** the ******* *************?"

-- ******** ** ***** ***********

(3)
JH
John Honovich
Aug 12, 2019
IPVM

***** *********** **** ********* **** *****? :)

** *** ***********, ** * ******* rule, * **** **** **** ****** heavily **** ****** **** *** ***** what **** *** | **** | make *** ****** ** ***** ******. It ******* ** ****** ********* ********** that **** ** ****** ******* **** they *** | **** | ****.

(3)
(4)
Avatar
Salvatore D'Agostino
Aug 13, 2019
IDmachines

*** ** *** ******* ****** ** me ** **** **** ******* ** data ***********, ********* *** ***-********** ** the ************* ** * ******* ** opposed ** * ******* ********* ****** does *** **** **** **** ** do **** ******* ** *** *** data ******** ****** *** ******* ** practice.  ** ***** ** ** ********** I ***** ***** ** *****://****.******.**/****-**********/****-**********/*********-*******/*****-*************** ***** ** *** *** *******.  ** OpenConsent ** *** ********** ******** ** the ******** ********.

(1)
Avatar
Salvatore D'Agostino
Aug 14, 2019
IDmachines

**'* *** *** ******* **** ** find **** *** ***** ************ ****, so **** ** *** **** ** the ****** *************://****.******.**/*****/****/*****/************/****************************************.***

(1)
Avatar
Charles Rollet
Aug 19, 2019

** *********, ****** *** *** *******. Those *** ********** *** ****** *** best ******** *** ***** ***** *** for **** ***** ************ **********. ** actually ******* **** **** **** **** released **** ** ****, ****** **** ********** *** ***** ************ Examined.*** ********** *** *********** (***** ** a ****** ******* ******) ***** ********* 6; ** **** ****** ** *** major ******* *** ****.

Avatar
Salvatore D'Agostino
Aug 19, 2019
IDmachines

** ****** *******. *'* *** **** are ***** *** ******** *** *****. You **** * ****** ** ****** in *** **, *,*, **** *** BSI **** ** ** *** ****** domain,*** **** *** ** ************ ************, we (***********) *** * ****** ** these ******** ** **** ******** **** SIA ****** ** ** * ****** old ************ ***** ** *** ***** requirements **** **** ******* *****,*** ******* ******* ********** | ******** Industry ***********

*** ** * ********* *****, ** (OpenConsent) *** ********* ********** ******** (********* in *** ** *** **) ** this ** ******* * ******** ** the ****. ** ****** ***** ** provide *********** *** ****** *** ** accessed ****.*************** — ************/* ***

Avatar
Salvatore D'Agostino
Aug 28, 2019
IDmachines

** *******, ** *** ********** ******** on **** ** *********** *** *** response *** * ******** ** * could *** * **** **** ** try ** ****** *** ***** *** a ******** ** *** ****. ****** that ************ *** ***-** *** ********.

Avatar
Charles Rollet
Aug 29, 2019

****, ** *****.

Avatar
Salvatore D'Agostino
Aug 29, 2019
IDmachines

******, ****** ** ** * *** discussion.**** ** *** ****.

Avatar
Salvatore D'Agostino
Aug 30, 2019
IDmachines

**** *** ** ** **** **** the *** ********** ********** **** **** effect. *** ********* *** ******** ** the ***** *** ***** ************ ***** the **********:

***** ************ ** ********** ** *** need ** ******* ****** *** ******, which ** ** **** **** *** CNPD’s ******** ** ******** ** ***** surveillance. *** *** *********** *** ******* cannot ****** ****** *****, ******** ** areas ******** ** *******, ***** ** workers, **** ** *********, ******* ***** and ******** *****, *** *** ** point ** **** ** **** * manner **** ** ******** *** ********.

Avatar
Morten Tor Nielsen
Aug 13, 2019
prescienta.com

********* ** ******* ** **** **** old *** ********* ****.

*** ****** ******* *** **** ***** surveillance *** ****** ***** ** **** may ***** **** ********** ********* ******* makes *** ****** **** **** ********** using *** *******. **** ** ******* not *** ****, *** ********** ** his ****** ** ***, ** *** get ******* **** **** **** *** lots ** **** **** ** ** uses *** ******* ** *** ***** way. ******* ** *** ********* "******* the *******" ** ********** - *** damage *** **** ****, *** *** campaign ****** *** ******* (**** **** Milestone).

*** *** **** ** **** **** video ************ ******* ****** ****** *** you **** ** ** **** ** identify ***** ******. ** *****'* ****** matter **** *** ******* ****** ** you ********* **** *** ********** **** as ****. *********, ***'** ***** * system ******** ** ***** ******* ** people *** *** ** **********. **** you ** **** - ***** ****** have * ***** ** *** ******* from **** ********. ** ***'** ********* for ** **** ** **** ** cameras, **** **** *** ** * major **** ** *** ***. ** the **** ****, *** **** ** filter *** ******** ****!!! ********* ** not.

*** ******* ***** ** ** ****** (use ****** ** *********); * ********** put **** ** *** **** *** Datatilsynet *** *** ****** **** "** was * ****** ** ****** *****" as * ***** ****** *** *** providing * **** ** *** *******.

*****://***.********.**/*******/************-*****-*****-*****-********-********-****-**-********-*****************-*******

*** ***** *** ****** *** *****/********* people ****?

(1)
(1)
(1)
Avatar
Salvatore D'Agostino
Sep 23, 2019
IDmachines

** * ****** ** ****. **** this ******* *** ****** * **** a ******* (**) ****** ******* ** Milestones ****/******* ***** ** *******. * did *** * ******* *************** *** no ******* ********. * **** ****** it ** **** ***. ***** *** now ****** * ******. ** *** all *** **** ******** **** ******* is *********** *******, *** ** *** not ****.

JH
John Honovich
Sep 23, 2019
IPVM

***, ****** *** *******! * ********* your ******* ** ********* ****** **** to ****** *** *******.