Users to get more control over .Net Passport

Changes to bring Microsoft's .Net Passport authentication service into line with EU privacy laws will benefit users worldwide

Microsoft has reached an agreement with the European Union to implement a package of changes in the .Net Passport online authentication service to stop it running afoul of EU data protection laws.

Although the changes came about as a result of a year-long dialogue with the European Union, they will be implemented globally, said Matt Lambert, director of government affairs for Microsoft in Europe, the Middle East and Africa.

The main changes see users given more control over how their personal data is shared with partner sites such eBay, QXL, Lastminute.com and Pressplay.

"At the moment, when people sign up for Passport they are given a number of options about what personal information they want to be shared with partner sites -- the bare minimum is an email address and password," said Lambert. Under the agreed changes, he said, users would get "increased options about level of information they want to be shared with partnering sites."

Microsoft will also add guidance to help users create secure passwords, and add a link to European Commission's Web site on data protection. "They have information there about laws outside the EU, so you will be able to make an informed judgment about what information you're happy (to be shared with sites in different countries)," said Lambert.

Jonathan Todd, a spokesman for the European Union's executive body said the changes made it unlikely that Passport would break EU data protection rules. "There would not seem to be any reason to take any form of sanctions against the company,'' he said at a news conference.

"My understanding is that the member states' authorities are now all satisfied that the system will be adapted to the requirements of EU data protection legislation as reflected in their own national legislations,'' Todd said.

But a working group of EU data regulators said it will continue to monitor both the Passport system and Liberty Alliance Project, a rival authentication system backed by Sun Microsystems.

Speaking to ZDNet UK, Lambert said Microsoft is concerned about protecting customer data. "That information is held by Microsoft, but not used for any purpose other than authentication," he said. "We have gone along the road of having a very high level of protection of data with Passport. We have tried to be ahead of the legal requirement."

However, the EU still has unresolved issues. "In particular, two issues need further consideration," said Todd. These are, he said, the "current electronic advertisement communication within Hotmail" and the use of identifiers both in the .Net Passport system and by the Liberty Alliance Project.

Reuters contributed to this report


Who's watching you? Get the latest on spy networks such as Echelon and Carnivore, as well as privacy issues for companies and individuals alike, at ZDNet UK's Privacy News Section.

Let the editors know what you think in the Mailroom.