European Commission shines spotlight on Passport security

The European Commission is preparing to follow the US Federal Trade Commission with an investigation into Microsoft's popular...

The European Commission is preparing to follow the US Federal Trade Commission with an investigation into Microsoft's popular Passport Internet service.

Earlier this month, Microsoft agreed with the FTC to implement comprehensive changes to its Passport service to maintain privacy and security of personal information collected from consumers.

Now a working party established by the European Commission to look at online authentication services has concluded that "a number of elements of the .net Passport system raise legal issues and require further consideration".

The working party has already questioned whether the Passport system breaks the European Union-US Safe Harbour agreement on data protection.

Because Passport collects personal information from consumers and allows them to sign in at any participating Website with a single name and password, there is concern that personal data could migrate beyond the control of computer users to other countries. This would contravene the trans-Atlantic deal.

Working party documents obtained by said that further inquiries would be made into the "information given to the data subjects at the moment of collecting."

It added that EC experts would also consider:

  • The value and quality of the consent given by data subjects and the extent to which they exercise their data protection rights

  • Data protection rules applied by the websites affiliated to .net Passport

  • The necessity and conditions of use of unique identifiers

  • The proportionality and quality of data of the data collected and stored by .net Passport, which is transmitted to affiliated sites

  • Associated security risks

  • The paper concluded that the working party should "assess where the European data protection principles are correctly complied with and, where appropriate, to identify elements of the systems that require changes".

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.