European data protection officials said Thursday they have made Microsoft Corp. agree to make “substantial changes” to its .Net Passport, to bring it into line with European Union (EU) laws.
The committee of data protection registrars responsible for examining the .Net Passport and its nearest equivalent, the Liberty Alliance, said in a statement that the changes to Passport will allow users “much more information and choice as to which data they want to provide, and under which conditions these data will be processed by Microsoft or the participating Web sites.”
The changes Microsoft has agreed to make include introducing a prompt box that will appear on screen when users designate themselves as EU residents, summarizing key information about privacy policies within the EU, said Peter Fleischer, Microsoft Europe, Middle East and Africa’s (EMEA’s) senior attorney and lead on privacy issues.
Microsoft also agreed to provide EU users with a link to the European Commission’s Web site on data protection laws outside the EU, and with increased options enabling users to choose the level of information they share with Passport and the participating sites on a site-by-site basis.
Finally, Microsoft agreed to provide easy-to-follow guidance to help users create secure passwords for enhanced online data protection .
The committee did not mention any demands for changes to the Liberty Alliance, an open-source platform with no central identity, which will host companies wanting to work together on the Internet, using one common identification and access point to their Web sites for their customers.
The European Commission, which was at the meeting of national registrars as an observer, welcomed the outcome. “I would like to congratulate the Working Party for its constructive approach and the excellent results achieved,” said Frits Bolkestein, the commissioner for internal market issues.
“The bottom line is that users’ data will now be better protected. The industry in general now needs to take on board the Working Party’s guidelines when developing new systems,” he said.
The committee, called the Article 29 Working Party, said in its statement that since it began to examine .Net Passport last June, it has established “an open and fruitful dialogue with Microsoft.”
That dialogue led to Microsoft’s commitment to make “substantial changes in the .Net Passport system involving, among other things, a radical change of the information flow,” the committee said.
The committee said that as online authentication services develop it is important that they respect EU data protection laws.
Microsoft welcomed the agreement. “We applaud the work of the Article 29 Working Party,” Fleischer said.
“The changes that we will make are the result of an open and constructive dialogue. In our view, today’s announcement is an important step forward in the necessary collaboration between government and industry in order to achieve a common goal — improving privacy for the benefit of consumers,” he said.
