The changes, which include a radical change of the information flow within Passport, will be made to ensure that the company’s online authentication system reflects the requirements of the European Data Protection Directive.
The agreement was announced by the European Commission’s Article 29 Working Party on data protection, which has been examining how Passport and the rival online authentication system from the Sun Microsystems Inc-backed Liberty Alliance Project comply with data protection rules within the EU.
The working party has produced a working document of guidelines that will apply to Passport, the Liberty Alliance Project and future online authentication systems, and a commitment from Microsoft to implement a comprehensive package of data protection measures.
Details of the Passport changes and guidelines should be revealed when the Article 29 Working Party publishes its report in the coming days. A Microsoft spokesperson said it is still early days for the agreement, and that the company is not in a position to discuss changes to Passport at this stage.
The most important consequence is that users will be fairly and thoroughly informed and empowered as to decide as to which data they want to provide and under which conditions these data will be processed by Microsoft or by the participating web sites, said the Working Party in a statement.
The Working Party is convinced that the outlined changes in the Microsoft .NET Passport system, once fully implemented, will give users much better protection for their personal data, it continued.
The Working Party also said it would closely monitor the deployment and implementation of the changes agreed by Microsoft, and the future development of alternative online authentication systems. In particular, two issues need further consideration: the current electronic advertisement communication within Hotmail and the use of identifiers both by the .NET Passport system and by the Liberty Alliance project, it said.
The working document will also contain a chapter on the Liberty Alliance project that addresses considerations as to the issues at stake at this stage of development of the project, as well as guidelines for future development considerations.
The European Commission further added that the document adopted by the Working Party, and Microsoft’s commitment to improved data protection was unrelated to, and had no influence on, its ongoing competition case against the company.
The Article 29 Working Party was set up after European regulators raised concerns as to whether measures made by Microsoft to address data protection in Passport were satisfactory. Similar concerns in the US were addressed by a settlement deal between Microsoft and the US Federal Trade Commission in August 2002, which subjects Microsoft’s security measures to third-party audit indefinitely.
While Microsoft was unable to avoid the EU’s data protection rules, the company’s chairman, Bill Gates, fared better in avoiding being hit with a custard pie. Gates, who is in Brussels for an e-government conference, would not discuss the data privacy decision, according to a Reuters report, but did manage to avoid Belgium’s top practical joker Noel Godin.
Godin famously managed to hit Gates with a cream cake on a previous trip to the Belgian capital in 1998, but was kept away from Gates by police on this occasion, according to Reuters.
Source: Computerwire
