The European Commission's ruling that Microsoft must make
"substantial changes" to its .net Passport system to safeguard
users' privacy will have major implications for the future of
online authentication and identity management systems, experts have
warned.
Systems such as Passport work by storing personal
data such as credit card details and billing addresses to enable
users to fill out online registration and shopping forms
automatically, without re-keying data. However, there are fears
this data could fall into the wrong hands and be used for
unauthorised purposes.
In a statement last week, the commission said Microsoft had agreed
to implement "a comprehensive package of data protection measures"
to give users more information and choice over the data they
provide and how it is used.
"Anyone out there developing similar systems [to Passport] needs to
take note of this ruling and the importance of complying with data
protection issues," said Paula Barrett, a partner in the IT and
e-commerce group at law firm Eversheds.
Barrett said the ruling was indicative of a more rigorous
enforcement of data protection laws across Europe. "There is more
to come - the tide is turning," she said.
Overall, Barrett praised the Microsoft ruling. "It is helpful. It
puts it in context," she said. However, it is unlikely to be the
end of the matter.
"The working party [of EU regulators] will continue monitoring
future developments in this field," the commission said. "In
particular, two issues need further consideration: the current
electronic advertisement communication within Hotmail and the use
of identifiers both in the .net Passport system and by the Liberty
Alliance project."