Microsoft fixes Passport to meet EU rules

By : |January 30, 2003 0

BRUSSELS: The European Commission has said that software giant Microsoft had agreed to make “radical” changes to its .NET Passport system to ease concerns about data privacy posed by Internet identity systems.

The agreement settles a half-year long examination by European Union privacy watchdogs into on-line authentication systems such as Passport. “Microsoft has agreed to implement a comprehensive package of data protection measures, which will mean making substantial changes to the existing .NET passport system,” the Commission said in a statement. No details were given.

Jonathan Todd, a spokesman for the European Union’s executive body, said it was now unlikely that the Passport system, used to identify Internet users, would fall foul of government data protection rules in the 15-country bloc.

“There would not seem to be any reason to take any form of sanctions against the company,” he said.

“My understanding is that the member states’ authorities are now all satisfied that the system will be adapted to the requirements of EU data protection legislation as reflected in their own national legislations,” Todd told a news briefing.

So-called consumer authentication systems are widely used by companies ranging from retailers to banks that have regular customers. The systems store customers’ personal details in a single location to streamline on-line transactions.The key move promised by Microsoft was a “radical change to the information flow”, ensuring Internet users would get more information and a wider choice of how their personal data could be used, the Commission said without giving further details.

The EU watchdogs are national data controllers and they form an EU body charged with monitoring compliance of EU data privacy rules. A working party made up of national representatives holds regular meetings in Brussels.

The data controllers also issued guidelines for a project by the Liberty Alliance, which includes 150 companies, including Sun Microsystems and Citigroup, and is a trade body working on standards for authentication systems.

The EU data regulators said they would continue to monitor both the Passport system and the Liberty Alliance project. “Due to the evolving nature of the Microsoft .NET Passport system, of the Liberty Alliance project and of other similar authentication services, the working party will continue monitoring future developments in this field,” the regulators said.

“In particular, two issues need further consideration: the current electronic advertisement communication within Hotmail and the use of identifiers both in the .NET Passport system and by the Liberty Alliance project.” Identifiers are strings of code unique to each computer user and these have caused concern over how the data may be applied.

Simon Davies, director of consumer advocacy group Privacy International, praised the plan to keep monitoring Passport and other online authentication systems, saying oversight will become more necessary as acceptance of these systems grows.

“I just hope the Commission can keep its eye on the ball,” Davies said. “Passport-like systems are an evolving component of the Internet. It’s a wonder the bureaucracy can keep up with the commercial development of these systems.”

© Reuters

No Comments so fars

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.