Euralarm raises concerns over data sharing provisions of proposed European Data Act
Following initiatives from the European Commission regarding legislation promoting the data economy, Euralarm has raised concerns over specific provisions in the proposed Data Act that may generate security risks.
In particular, Euralarm notes chapter II of the proposal that makes the sharing of data with third parties mandatory.
Euralarm’s position is as follows:
“Data related to security activities are linked to critical and very sensitive operations and procedures. With access to this data, it would be possible to gain a very deep understanding of the installation and performance of the system or service. This would result in a very high risk of security breaches, including cyber security breaches, both to a given customer installation and to the whole security system itself.
“Furthermore, the criticality of data generated by security systems (such as video surveillance systems) is already recognised by national laws regulating private security and the installation of video surveillance systems. These laws limit the right to share information related to or generated by these systems. The data sharing provisions of the draft Data Act are therefore in conflict with these national laws.
“Finally, access to pure operational data/metadata does not provide any benefit to the end-user, neither allows a smoother switching of provider. Therefore, there is no benefit in allowing/imposing any requirement in the way the data has to be accessed or managed.”
In a recently published Position Paper Euralarm proposes several amendments, as well as a new article to the draft Regulation in order to exempt security-related data from the obligation of sharing. Services Directive 2006/123/EC excludes private security services from its scope via Article 2(2)(k). Euralarm therefore believes that a similar exemption in the Data Act should be feasible.
A copy of the Position Paper can be downloaded from the Euralarm website here.