Martha Bennett
Questions regarding the potential European Commission investigation of
Microsoft Passport
with regard to potential violations of data protection regulations? And if so,
is Microsoft likely to face fines?
True: There is a chance that Microsoft may face fines in Europe if
it is found that the MS Passport service violates European data protection
legislation.
Also true: The European Commission has said that it will investigate
whether the privacy safeguards within Passport are adequate.
False: The European Commission’s investigation into Passport is part of
its antitrust investigation against Microsoft.
False: The European Commission is in a position to take direct action
(including imposition of fines) against Microsoft in case Passport is found to
be in violation of data protection legislation.
Not surprisingly, the announcement on May 27 that the European Commission was
set to investigate whether Microsoft’s Passport service was in contravention
of European Union (EU) data protection legislation led to a flurry of headlines.
Equally unsurprising, no doubt, was that many people immediately connected this
announcement with the ongoing European Commission antitrust investigation
against Microsoft.
But while there may be political reasons for putting as much heat as possible
on Microsoft, it is important to keep the two issues separate. The reason is
that, with respect to the antitrust investigation, the European Commission
"has teeth": Uncertainties regarding the ongoing Microsoft monopoly
case notwithstanding, several recent high-profile antitrust cases have shown
that the European Commission is in a position to rule against companies in
competition cases and to enforce its decision. Anybody who needs convincing
should familiarize themselves with the GE/Honeywell or the Schneider/Legrand cases
(in the first case, a cross-border acquisition was prevented, and in the second,
the companies were even forced to roll back on a merger that had already been
executed).
But regarding the Microsoft case, even if the European Commission does find
that Passport violates European data protection legislation, it will not be
able to take any direct action against Microsoft as a result. All it can do is
contact the governments of each of the 15 EU member states, tell them of its
findings and recommend what action should be taken. The rest is up to each
national government. Individual EU countries could take action, including
imposing fines, but any such action would be limited to the country in which it
was taken. There is the possibility that
(1) each EU country decides to take action, following advice from the European
Commission, and
(2) each EU country takes the same course of action. In practice, however, it
would be unusual for EU countries to be totally aligned on issues of this
kind.
In conclusion, we do not even know which aspects of Passport are being
investigated and against which parts of the existing data protection legislation
Passport is being measured. The complaints about Passport have, to the best of
our understanding, centered on three major aspects:
- security of the information collected through, and held within, the
Passport system,
- issues concerning the potential release to third parties and/or
cross-border transfer of such data and
- the potential that customers might be denied access to services or use of
software if they do not sign up for Passport.
The EU investigation into Microsoft Passport, while entirely separate from
the antitrust case, cannot be ignored, and the outcome of the investigation may
lead to some kind of action, including imposition of fines, against Microsoft.
Most importantly, organizations that may have been considering offering Passport
on their own Web sites should watch the progress and outcome of this
investigation closely.
(The foregoing information is provided as general background and is not
intended as legal advice. Giga Information Group Inc. cannot and does not
provide legal advice. Readers are advised to consult their attorney for legal
advice related to this information.)