Microsoft will in the coming weeks sign up to the European Union-US
Safe Harbor agreement, which allows firms to export personal data
about their customers to the US from Europe.
The decision by US organisations to sign the agreement is
voluntary, but if they do not sign up by 1 July, they may be
subject to enforcement actions in Europe. From that date,
transferring data to the US will be in breach of the EU data
protection directive which outlaws the transfer of personal data to
countries, including the US, with inadequate data protection
codes.
"Because our company privacy policies are consistent with the EU
principles for data protection, Microsoft is able to sign the Safe
Harbor agreement with the US Department of Commerce," said Richard
Purcell, the company's director of corporate privacy.
US organisations that decide to sign the Safe Harbor agreement - 40
so far - must comply with its requirements and publicly declare
that they do so by signing up with the US Department of
Commerce.
Microsoft is pushing the issue of data privacy to the top of both
its corporate affairs and its technology agenda, according to
Purcell. "Our products will make privacy and security the
fundamental building blocks for the future," he said, adding that
Microsoft is developing privacy-enabling technologies that will
"fit in well" with the approach to data privacy in the EU's
directive.
Hailstorm, the first step in Microsoft's .Net initiative, will
require explicit consent from users before any personal data is
transferred. "It will be an opt-in only system," Purcell said.
He said the aim of Hailstorm was to provide the software for a
middleman to perform a stewardship role between e-commerce Web
sites and consumers. "Postal services could perform that role;
Microsoft could as well," he said.
Internet Explorer version 6, due out later this year, will also
have a more protective approach to personal data than its
predecessors. The new browser will give the user an enhanced level
of control over the presence of cookies in their computer. "For
cookies to remain in the computer will require notification and
consent," Purcell said.