Milestone "GDPR-ready" Certification Claim Critiqued

By: Charles Rollet, Published on Aug 12, 2019

Milestone is touting that its latest XProtect VMS is "GDPR-ready" with a 'European Privacy Seal'.

milestone gdpr ready europrise skepticism

However, our investigation raises significant concerns over the applicability and suitability of this. In this post, we examine Milestone's "GDPR Ready" claim, including:

  • What Milestone is claiming
  • Why the certifier has 'not been accredited'
  • How Milestone and the certifier EuroPriSe has responded
  • What part of Milestone's software is being left out of the certification
  • What improvements Milestone said they made
  • What other certifications exist, such as Dahua and Uniview have used
  • What Genetec removed from their claim
  • What this tells us about GDPR certification schemes

Overall, this case shows clear limitations to GDPR certification - that is almost never mentioned in press releases- even well over a year after the law was implemented.

*********** *********** *** ****** ******** VMS ** "****-*****" **** a '******** ******* ****'.

milestone gdpr ready europrise skepticism

*******, *** ************* ****** significant ******** **** *** applicability *** *********** ** this. ** **** ****, we ******* *********'* "**** Ready" *****, *********:

  • **** ********* ** ********
  • *** *** ********* *** 'not **** **********'
  • *** ********* *** *** certifier ********* *** *********
  • **** **** ** *********'* software ** ***** **** out ** *** *************
  • **** ************ ********* **** they ****
  • **** ***** ************** *****, such ** ***** *** Uniview **** ****
  • **** ******* ******* **** their *****
  • **** **** ***** ** about **** ************* *******

*******, **** **** ***** clear *********** ** **** certification - **** ** almost ***** ********* ** press ********- **** **** over * **** ***** the *** *** ***********.

[***************]

Milestone *****

** **** **,********* ****** * ***** release******* **** *** ****** XProtect *** *** *** "first ***** ***** ********** software *******" ** ****** GDPR-Ready *************, *******:

**** *** ****-***** ************* from *** *********** *** recognized ********* *********,end-users *** ** ********* **** **** **** *** ***** ********** ** ***** * **** ********* ***** ************ ************. [emphasis added]

*** ************* *** * "European ******* ****" ****** by ******* ****** ****************,***** ****** *"***** ****** ******"***** *** *******.

*** ********** ****** *** carried *** ** *** "legal" *** *** "*********" expert *** *** ** the ******* ****** ************:

Not **********, ******** *** ********

*** **** *********** ***** is **** ** "********* Note" ** *********'**** ******* *********** **** ******** **** "not **** ********" ***** EuroPrise ****** *** *** been ********** "** * certification ****":

**** ** *** **** certification ******* *** ** approved, ******* *****'* **** ********** ******** *** ******** ******** on *** ********** *** be **********, ******* *** GDPR ********** ********** **** in******** *******.

********* ** *** ** the **** ********* *** transparent **** ********** (****** originally **** ****** ** the******** **********),*** **** ** ********** that ***** *** ** official **** **********, ******* IPVM:

******* **** ********, *** formal ********** ****** ** completed *** **** ***** that ** **** *****,no *** ** ** *** ******** ** ***** ** ******** **** ************* [emphasis added]

Milestone *** *** ******** *** ********* **************

***** ********* ****** ************ that *** ************* ** not ********* ********, ********* did *** ******* **** anywhere ** *** ***** release ** ******* *****. This ** ******** ** EuroPriSe's *** ****************:

Customers ** ********* *** ********** ** ******** **** ******* **** ****** *** ** ***** that have been granted [emphasis added]

Mistake - *********: "**** *** ** * *******"

** ******** ** ***** non-disclosure ** *** *************'* legal ******, ********* **** us **** *********:

*** ***** ** *** certification *** ***** ** EuroPriSe [***** **] *** we **** ********** ********** and *** ********/*********** **. This *** ** * mistake, *** ** **** investigate *** ******* *** mistakes.

**** **** ****** *** reporting ** ** **** Milestone ******** *** ********.

Milestone ****** "******** ****-***** *************"

*********'* ***** ******* ****** that "*** ************* ****** all **** ************ ** Milestone ******** *********", * point ******* ********** ** a *****:

********* ** *** ********* report, *** ********* ******* of ******** **** *********:

Long **** ** *********, ********* ****** ***

*******, *** ****** ****** showed **** ******** ******** functions **** *** ******** at ***:

  • ****** ******
  • ****** *** *** ******
  • ********** ** ***** *** metadata
  • ******** *********'* ***** *****
  • ********* *** ******
  • ********* ****** *********

*******, *** ******** ****** app ** * ***** omission - ** *** over ***,*** *********:

Plugins/Biometrics ********

******* ***** ********, ***** unlike *** ****** *** not *********, *** *** 160+ ******* ********* *********** ***********.

*** **** *** **** reasons, **'* ************** **** Milestone *** *** ******* these *******, ******* ********* should **** **** **** clear, *********, **** ***** may ***** *** ******* are **** "**** *****", which ** ********* *** the ****.

**** ** ************ ********** since**** ********* ************ ****** ***********, * biometrics ******** ******** ********* by *******'* ******* *, *.*.:

*** **** ***** ** using ********** *** *********** in*********'* ******** **** ******* guide** ****. (*** **** on ********** ***, *** our**** ******** *** ********** ********** ******.)

Milestone: **'** ******* ****** "*** ****** ********", **** *** ****** **********

***** ** ******* **** out ** *********, **** told ** **** **** GDPR ******* *** ****** service "*** ****** ********" of ********, ***** * notice ***** *** ***** plugins "**** ** ***** to *** **** ******* of *** ******* *****".

Auditor: ********* *** ****

**ö** **********, * ******** ******* used ** ********* ** certify *********, **** **** he *** *** ******** the ******* ***** ** be "**** **********":

**, *** ********, ***** not **** *** ********** that **** **** ******* from *** *** "**** components" ** *** ***** that **** *** *********** for * ****** ************ of ******** *********. ***** thesecomponents ***** ** ******** *** ******* ********* **** *** ***** ******** ******** that have to be enabled or actively selected during the installation process in order to be used. [emphasis added]

*** ******* *** ********* is **** ***** '********' components **** ****-*** *** core ** *** *******'* own ********* *********** *** marketing. *********'* ***** ******** on ***** ** **** platform *** ********* *** 3rd ******* ** *** within ********* ** ********* by ***** ******* ***** 'certified' *** **** *** disclosed.

**** *************, ******** ********** and*** ****** ** '****'** ********.

EuroPriSe: ****** ******* ** **********

********* **** **** **** "cherry ******* ** **********" when ** ***** ** their **** **************:

** ********* *** ****** shape ** *** ************* of *********’* *** ** the ********* ** *** certification ******* *** ******* that *** ****** ** evaluation ** **** ********** and ****-*********.

No ********* ******* *********

****** ********** ** * very ********* **** ** the ****, ***** ******** "******* ** ******" *** "***** ** *** ***" ********* *** ********* data ******** ** ** to ** ******* ***** or *% ** ****** revenue, ********* ** ******(******* **).

*******, ********* ****** *** not **** *********'* ********** strength. *******, ********* **** IPVM ****, ***** ** does ********* ** *** own ********, **** **** it "*****[**] *** *******" of ******* ****'* ****:

* *** **** *** been ********* ** ***** privacy / ** ******** experts ********.** ** **** *** task ** *** ********* Experts ** ***** *** results ** **** *** test *** ** ****** that *** **** ********* has ***** *********** ******** to **** **** ********** shortcomings (** ***).

** *** ********* ******, encryption ******** *** *** one ** *** **********'* four "************." ******, **** of *** ********* ********** relied ** ******* ** Milestone ********* - ******* its **** ******* ***** and ***** *************, *** underlined *****:

Improvements ****

********* *** *** **** made * ****** ** improvements ****** **** ************* process, *********:

* *** *** ******, Smart ****** <.> ********* server **********, ***** ****** ********** ****** ********** (including *** ********* *** component: *** ******** ******), and *** ** *** Channels ******* ******** ***************. A ****** ** ***** improvements **** ******* **** as *** ****** ****** certificate ******** *** *** new ****** *************/******** ********** for *** ***** ****** of *******.

Other **************

********* ** *** **** the **** ***** ************ firm ** *** **** certification. ******* ******* ****** company *******Ü* *************** **** *******, *** unlike *********, ** **** not ******* *** ****** reports ***** *** ************* nor ****** ********* **** the *****.

*******, *Ü* ********* ****** vague **** '**************' ** Dahua *** *******, *** quickly *** ******* ******* that **** ***** ***** products **** ******* "**** compliant". (*** ****, ******** ******** *** *** GDPR *********, ** ******** Can **).

Genetec ********* ********* "*** ********** ****-*****"

******* *** **** ****** its ********* "****-*****" ****** for********** ******* *********:

*******, ******* **** **** it *** ******* *********** this *** ** *********'* lack ** *************/*************. ***** we ******* *** **** the ************ ***************** *** ************* *** not ******* ****, *** following ********** *** *****:

Highlights ***** **** **** ************* *******

*** ********* ******, ** our ********, ********** * number ** ****** **** GDPR ************* *******, ******:

  • *** ** *** *** to ********* ** ************* process *** **********, *** has *** ****** *** guidance ***** **** ******** should ** **** ** judge **** *********.
  • ******* ** ****, ***** is ** "********" **** certifier, ***** ******* ********** can **** ** ***** own ******** ** ***** whether * ****** ** "GDPR *****" ** ***. This ***** ***** *** omit *********** ******** ** a ****** ** **** see *** **** ***** evaluations.
  • ***** "**** *****" ******* a ***** **** * system *** ****** ********** i.e. ******** *** ****** of * **** ******, certifiers ** *** **** to ******* ***** *** PenTests.

*******, **** ** ***** clear *********** *** ********* when ********* **** ***** GDPR ************** ** ***** releases (*** *** ********* is *******'* ******* ******.)

**********

** *** **** ******* an ************ ********* ***** for ***** ************, **'* important ** **** ** mind *** ***** *********** of **** **************. ***** true ***** ** ********* to ****** ****** *** EU ****** ******** ************* schemes *** ******** **********.

Comments (13)

"*** **** **** ****** pick ** *** ******* manufacturers?"

-- ******** ** ***** integrators

***** *********** **** ********* GDPR *****? :)

** *** ***********, ** a ******* ****, * have **** **** ****** heavily **** ****** **** are ***** **** **** use | **** | make *** ****** ** other ******. ** ******* in ****** ********* ********** that **** ** ****** against **** **** *** | **** | ****.

*** ** *** ******* things ** ** ** that **** ******* ** data ***********, ********* *** sub-processors ** *** ************* of * ******* ** opposed ** * ******* delivered ****** **** *** have **** **** ** do **** ******* ** not *** **** ******** rights *** ******* ** practice.  ** ***** ** EU ********** * ***** refer ** *****://****.******.**/****-**********/****-**********/*********-*******/*****-*************** ***** ** *** *** comment.  ** *********** ** are ********** ******** ** the ******** ********.

**'* *** *** ******* link ** **** **** the ***** ************ ****, so **** ** *** link ** *** ****** guidance*****://****.******.**/*****/****/*****/************/****************************************.***

** *********, ****** *** the *******. ***** *** guidelines *** ****** *** best ******** *** ***** right *** *** **** video ************ **********. ** actually ******* **** **** they **** ******** **** in ****, ****** **** ********** *** Video ************ ********.*** ********** *** *********** (there ** * ****** comment ******) ***** ********* 6; ** **** ****** if *** ***** ******* are ****.

** ****** *******. *'* say **** *** ***** the ******** *** *****. You **** * ****** of ****** ** *** UK, *,*, **** *** BSI **** ** ** the ****** ******,*** **** *** ** surveillance ************, ** (***********) put * ****** ** these ******** ** **** document **** *** ****** it ** * ****** old ************ ***** ** and ***** ************ **** have ******* *****,*** ******* ******* ********** | ******** ******** ***********

*** ** * ********* above, ** (***********) *** currently ********** ******** (********* in *** ** *** EU) ** **** ** provide * ******** ** the ****. ** ****** wants ** ******* *********** the ****** *** ** accessed ****.*************** — ************/* ***

** *******, ** *** conducting ******** ** **** at *********** *** *** response *** * ******** if * ***** *** a **** **** ** try ** ****** *** input *** * ******** to *** ****. ****** that ************ *** ***-** for ********.

****, ** *****.

******, ****** ** ** a *** **********.**** ** *** ****.

**** *** ** ** IAPP **** *** *** Portuguese ********** **** **** effect. *** ********* *** included ** *** ***** for ***** ************ ***** the **********:

***** ************ ** ********** to *** **** ** protect ****** *** ******, which ** ** **** with *** ****’* ******** in ******** ** ***** surveillance. *** *** *********** the ******* ****** ****** public *****, ******** ** areas ******** ** *******, users ** *******, **** as *********, ******* ***** and ******** *****, *** can ** ***** ** ATMs ** **** * manner **** ** ******** the ********.

********* ** ******* ** some **** *** *** spreading ****.

*** ****** ******* *** some ***** ************ *** having ***** ** **** may ***** **** ********** Milestone ******* ***** *** immune **** **** ********** using *** *******. **** is ******* *** *** case, *** ********** ** his ****** ** ***, he *** *** ******* with **** **** *** lots ** **** **** if ** **** *** systems ** *** ***** way. ******* ** *** Milestone "******* *** *******" is ********** - *** damage *** **** ****, and *** ******** ****** its ******* (**** **** Milestone).

*** *** **** ** that **** ***** ************ systems ****** ****** *** you **** ** ** able ** ******** ***** people. ** *****'* ****** matter **** *** ******* things ** *** ********* have *** ********** **** as ****. *********, ***'** using * ****** ******** to ***** ******* ** people *** *** ** identified. **** *** ** that - ***** ****** have * ***** ** get ******* **** **** database. ** ***'** ********* for ** **** ** 100s ** *******, **** task *** ** * major **** ** *** ass. ** *** **** time, *** **** ** filter *** ******** ****!!! Certified ** ***.

*** ******* ***** ** in ****** (*** ****** to *********); * ********** put **** ** *** test *** ************ *** NOT ****** **** "** was * ****** ** export *****" ** * valid ****** *** *** providing * **** ** the *******.

*****://***.********.**/*******/************-*****-*****-*****-********-********-****-**-********-*****************-*******

*** ***** *** ****** VMS *****/********* ****** ****?

** * ****** ** here. **** **** ******* was ****** * **** a ******* (**) ****** request ** ********** ****/******* point ** *******. * did *** * ******* acknowledgement *** ** ******* response. * **** ****** it ** **** ***. Clock *** *** ****** 2 ******. ** *** all *** **** ******** what ******* ** *********** privacy, *** ** *** not ****.

***, ****** *** *******! I ********* **** ******* to ********* ****** **** to ****** *** *******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Securing Access Control Installations Tutorial on Oct 17, 2019
The physical security of access control components is critical to ensuring that a facility is truly secure. Otherwise, the entire system can be...
IPVM Camera Calculator User Manual / Guide on Oct 16, 2019
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The guide below includes instructions, images, gifs, and videos...
Camera Focusing Tutorial on Oct 14, 2019
Camera focus is fundamental to quality imaging. Mistakes can significantly reduce details, making cameras less effective. In this guide, we...
Axis HD Analog Encoder Tested on Oct 11, 2019
Two years after declaring "Everything is IP", Axis has released their first HD analog encoder, the P7304, with support for AHD, CVI, TVI, and SD...
Last Chance - Register Now - October 2019 IP Networking Course on Oct 10, 2019
Last Chance - Register Now - Fall 2019 IP Networking Course. The course starts next week. This is the only networking course designed...
Network Optix NxWitness 4.0 Tested on Oct 10, 2019
Network Optix released Nx Witness 4.0, proclaiming new features like a deep learning analytics metadata SDK, increased H.265 support, and UX...
Crisis At China's Largest VMS Provider, Netposa, Now State-Controlled on Oct 07, 2019
NetPosa, which bills itself as the PRC's largest VMS provider, is in a crisis. The firm is pursuing huge unpaid bills from clients, and its...
Camera Cable Whip Guide on Oct 02, 2019
Cable whips are one of integrator's least favorite camera features but seem to be unavoidable, now commonplace on dome, turret, and bullet cameras...
Milestone Has Problems on Oct 01, 2019
Milestone has problems. While the company previously excelled in the shift to IP cameras, as IP has matured and competitive differentiation has...
Wide Dynamic Range (WDR) Guide on Oct 01, 2019
Understanding wide dynamic range (WDR) is critical to capturing high quality images in demanding conditions. However, with no real standards, any...

Most Recent Industry Reports

Government-Owned Hikvision Wants To Keep Politics Out Of Security on Oct 21, 2019
'Politics' made Hikvision the goliath it is today. It was PRC China 'politics' that created Hikvision, funded it, and blocked its foreign...
Integrated IR Camera Usage Statistics 2019 on Oct 21, 2019
Virtually every IP camera now comes with integrated IR but how many actually make use of IR or choose 'super' low light cameras without IR? In...
Alarm Veteran "Demands A Criminal Investigation" Of UL on Oct 18, 2019
The Interceptor's Project pressure against UL continues to rise. Following Keith Jentoft's allegation that "UL Has Blood On Their Hands", Jentoft...
Camect "Worlds Smartest Camera Hub" Tested on Oct 18, 2019
Camect is a Silicon Valley startup that claims the "Smartest AI Object Detection On The Market", detecting not only people and vehicles, but...
Hikvision Global News Reports Directory on Oct 17, 2019
Hikvision has received the most global news reporting of any video surveillance company, ever, ranging from the WSJ, the Financial Times, Reuters,...
Camera Calculator V3.1 Release Improves User Experience on Oct 17, 2019
IPVM has released a new version of our Camera Calculator, V3.1, with significant user experience improvements, a new development plan, and an...
Securing Access Control Installations Tutorial on Oct 17, 2019
The physical security of access control components is critical to ensuring that a facility is truly secure. Otherwise, the entire system can be...
Access Control Course Fall 2019 - Last Chance on Oct 17, 2019
Register Now - Fall 2019 Access Control Course. Thursday, October 17th is the last day to register. IPVM offers the most comprehensive access...
US DoD Comments on Huawei, Hikvision, Dahua Cyber Security Concerns on Oct 16, 2019
A senior DoD official said the US is "concerned" with the cybersecurity of Hikvision, Dahua, and Huawei due to "CCP" (China Communist Party)...
Pelco Sarix Pro3 Camera Tested on Oct 16, 2019
Pelco has released their Sarix Professional Series 3 cameras, claiming "more security detail in challenging scenes with excellent low light and...