EU Seen Letting Microsoft Off the Hook on Passport
Thu January 23, 2003 12:53 PM ET
By Lisa Jucca
BRUSSELS (Reuters) - The EU's privacy watchdogs are expected to say next week that Microsoft's .NET Passport system broadly complies with EU data protection rules and only minor changes are needed, EU sources said on Thursday.
In a dramatic climbdown from harsh criticism voiced in July, EU national privacy controllers are expected to adopt a recommendation by experts from their Internet Task-Force that says previous concerns were exaggerated.
"This (Passport) is not a system the controllers see with horror," a source close to the issue told Reuters.
"The system can be operated within the EU data protection rules provided some adjustments are made."
National data controllers are charged with monitoring compliance with the EU's tough rules on personal data privacy.
Launched in 1999, .NET Passport aims to simplify e-commerce by allowing consumers to store passwords, credit-card numbers and other personal information in one location. It has already registered over 100 million users.
To register, users have to provide personal data -- email addresses, usernames, passwords and, in some cases, phone numbers. Microsoft says users supply data on a voluntary basis.
Microsoft has repeatedly said it was fully in line with EU rules and stood ready to cooperate with EU authorities.
FUTURE GUIDELINES
The source said the document had similar recommendations with regard to the on-line authentication system developed by Liberty Alliance, which represents 70 companies including Sun Microsystem and Hewlett-Packard.
These views are expressed in a draft opinion to the European Commission that EU national data controllers are set to adopt at a meeting on January 28-29.
If adopted, the recommendations could be used as a guideline for companies wishing to commercialize similar on-line systems in the future.
"It's very possible the document will be adopted," a second EU source said.
In July, data controllers said they wanted to examine more closely whether .NET Passport users were fully aware that some of their data would sometimes be transferred to a party other than Microsoft, possibly located in a third country.
Under EU data privacy rules, customers' personal data can only be used by a firm or passed on to others with the prior consent of the individual.
The inquiry was triggered by complaints by privacy associations. While the Commission has authority to help member states interpret EU law, any legal action can only be launched by the individual member states.
Thu January 23, 2003 12:53 PM ET
By Lisa Jucca
BRUSSELS (Reuters) - The EU's privacy watchdogs are expected to say next week that Microsoft's .NET Passport system broadly complies with EU data protection rules and only minor changes are needed, EU sources said on Thursday.
In a dramatic climbdown from harsh criticism voiced in July, EU national privacy controllers are expected to adopt a recommendation by experts from their Internet Task-Force that says previous concerns were exaggerated.
"This (Passport) is not a system the controllers see with horror," a source close to the issue told Reuters.
"The system can be operated within the EU data protection rules provided some adjustments are made."
National data controllers are charged with monitoring compliance with the EU's tough rules on personal data privacy.
Launched in 1999, .NET Passport aims to simplify e-commerce by allowing consumers to store passwords, credit-card numbers and other personal information in one location. It has already registered over 100 million users.
To register, users have to provide personal data -- email addresses, usernames, passwords and, in some cases, phone numbers. Microsoft says users supply data on a voluntary basis.
Microsoft has repeatedly said it was fully in line with EU rules and stood ready to cooperate with EU authorities.
FUTURE GUIDELINES
The source said the document had similar recommendations with regard to the on-line authentication system developed by Liberty Alliance, which represents 70 companies including Sun Microsystem and Hewlett-Packard.
These views are expressed in a draft opinion to the European Commission that EU national data controllers are set to adopt at a meeting on January 28-29.
If adopted, the recommendations could be used as a guideline for companies wishing to commercialize similar on-line systems in the future.
"It's very possible the document will be adopted," a second EU source said.
In July, data controllers said they wanted to examine more closely whether .NET Passport users were fully aware that some of their data would sometimes be transferred to a party other than Microsoft, possibly located in a third country.
Under EU data privacy rules, customers' personal data can only be used by a firm or passed on to others with the prior consent of the individual.
The inquiry was triggered by complaints by privacy associations. While the Commission has authority to help member states interpret EU law, any legal action can only be launched by the individual member states.
Comment