Euralarm issued a statement welcoming the initiatives from the European Commission towards legislation promoting the data economy. However, it also said that the European association representing the electronic fire safety and security industry stresses that specific provisions would generate security risks, if enforced as intended in the present draft of the Data Act.
There are specific concerns with chapter II of the proposal that make sharing data with third parties mandatory.
Data related to security activities are linked to critical and very sensitive operations and procedures. With access to this data, it would be possible to gain a very deep understanding of the installation and performance of the system or service. This would result in a very high risk of security breaches, including cybersecurity breaches, both to a given customer installation and to the whole security system itself.
Furthermore, the criticality of data generated by security systems (e.g. video surveillance systems) is already recognised by national laws regulating private security and installing video surveillance systems. These laws limit the right to share information related to or generated by these systems. The data-sharing provisions of the draft Data Act are, therefore, in conflict with these national laws.
Finally, access to pure operational data/metadata does not provide any benefit to the end-user, neither allows a smoother switching of provider. Therefore, there is no benefit in allowing/imposing any requirement in how the data must be accessed or managed.
In a recently published Position Paper Euralarm proposes several amendments as well as a new article to the draft Regulation in order to exempt security-related data from the obligation of sharing. Services Directive 2006/123/EC excludes private security services from its scope via Article 2(2)(k). Euralarm, therefore, believes that a similar exemption in the Data Act should be feasible.
A copy of the Position Paper can be downloaded from the Euralarm website here.
