The decision by US organisations to sign the agreement is voluntary, but if they do not sign up by 1 July, they may be subject to enforcement actions in Europe. From that date, transferring data to the US will be in breach of the EU data protection directive, which outlaws the transfer of personal data to countries, including the US, with inadequate data protection codes.
"Because our company privacy policies are consistent with the EU principles for data protection, Microsoft is able to sign the Safe Harbor agreement with the US Department of Commerce," said Richard Purcell, the company's director of corporate privacy.
US organisations that decide to sign the Safe Harbor agreement - 40 so far - must comply with its requirements and publicly declare that they do so by signing up with the US Department of Commerce.
Microsoft is pushing the issue of data privacy to the top of both its corporate affairs and its technology agenda, according to Purcell. "Our products will make privacy and security the fundamental building blocks for the future," he said, adding that Microsoft is developing privacy-enabling technologies that will "fit in well" with the approach to data privacy in the EU's directive.
Hailstorm, the first step in Microsoft's .Net initiative, will require explicit consent from users before any personal data is transferred. "It will be an opt-in only system," Purcell said.
He said the aim of Hailstorm was to provide the software for a middleman to perform a stewardship role between e-commerce Web sites and consumers. "Postal services could perform that role; Microsoft could as well," he said.
Internet Explorer version 6, due out later this year, will also take a more protective approach to personal data than its predecessors. The new browser will give users an enhanced level of control over the presence of cookies on their computers. "For cookies to remain in the computer will require notification and consent," Purcell said.