Euralarm welcomes the initiatives from the European Commission towards legislations promoting the data economy. However, the European association representing the electronic fire safety and security industry stresses that specific provisions would generate security risks, if enforced as intended in the present draft of the Data Act.
There are specific concerns with chapter II of the proposal that makes the sharing of data with third parties mandatory.
Data related to security activities are linked to critical and very sensitive operations and procedures. With access to this data, it would be possible to gain a very deep understanding of the installation and performance of the system or service. This would result in a very high risk of security breaches, including cybersecurity breaches, both to a given customer installation and to the whole security system itself.
Furthermore, the criticality of data generated by security systems (e.g. video surveillance systems) is already recognized by national laws regulating private security and the installation of video surveillance systems. These laws limit the right to share information related to or generated by these systems. The data sharing provisions of the draft Data Act are therefore in conflict with these national laws.
Finally, access to pure operational data/metadata does not provide any benefit to the end-user, neither allows a smoother switching of provider. Therefore, there is no benefit in allowing/imposing any requirement in the way the data have to be accessed or managed.
In a recently published Position Paper Euralarm proposes several amendments as well as a new article to the draft Regulation in order to exempt security-related data from the obligation of sharing. Services Directive 2006/123/EC excludes private security services from its scope via Article 2(2)(k). Euralarm therefore believes that a similar exemption in the Data Act should be feasible. A copy of the Position Paper can be downloaded from the Euralarm website here.