Want CNET to notify you of price drops and the latest stories?

Microsoft agrees to Passport changes

The software company's deal with the European Union over privacy protection in .Net Passport should give people worldwide more control over how their personal information is shared.

2 min read
Microsoft has reached an agreement with the European Union to implement a package of changes in its .Net Passport online authentication service, to prevent the service from running afoul of EU data protection laws.

Although the changes came about as a result of a yearlong dialogue between the company and the European Union, they will be implemented globally, said Matt Lambert, director of government affairs for Microsoft in Europe, the Middle East and Africa.

The main changes should give Passport users more control over how their personal data is shared with partner sites such as auction company eBay and music service Pressplay.

"At the moment, when people sign up for Passport they are given a number of options about what personal information they want to be shared with partner sites--the bare minimum is an e-mail address and password," said Lambert. Under the agreed changes, he said, Passport users would get "increased options about level of information they want to be shared with partnering sites," he said.

In the sign-up form, Microsoft will also provide guidance to help users create secure passwords, and add a link to European Commission's Web site on data protection. "They have information there about laws outside the EU, so you will be able to make an informed judgment about what information you're happy (to be shared with sites in different countries)," said Lambert.

Jonathan Todd, a spokesman for the European Union's executive body, said the changes made it unlikely that Passport would break EU data protection rules. "There would not seem to be any reason to take any form of sanctions against the company,'' he said at a news conference.

"My understanding is that the member states' authorities are now all satisfied that the system will be adapted to the requirements of EU data protection legislation as reflected in their own national legislations,'' Todd said. The 15 member states of the EU include United Kingdom, Germany and France.

But a working group of EU data regulators said it will continue to monitor both the Passport system and the Liberty Alliance Project, a rival authentication system backed by Sun Microsystems.

Speaking to ZDNet U.K., Lambert said Microsoft is concerned about protecting customer data. "That information is held by Microsoft, but not used for any purpose other than authentication," he said. "We have gone along the road of having a very high level of protection of data with Passport. We have tried to be ahead of the legal requirement."

However, the EU still has unresolved questions about privacy protections in Microsoft software. "In particular, two issues need further consideration," said Todd. These are, he said, the "current electronic advertisement communication within Hotmail" and the use of identifiers both in the .Net Passport system and by the Liberty Alliance Project.

ZDNet U.K.'s Matt Loney reported from London.

Reuters contributed to this report