EU forces Passport changes from Microsoft

Microsoft has been forced to make "substantial changes" to its .net Passport user authentication service to bring it into line...

Microsoft has been forced to make "substantial changes" to its .net Passport user authentication service to bring it into line with European Union laws.

A committee of European Union data protection registrars responsible for examining the .net Passport, and the Liberty Alliance, said the changes to Passport would allow users "much more information and choice as to which data they want to provide, and under which conditions these data will be processed by Microsoft or the participating websites".

Microsoft agreed to increase the options enabling users to choose the level of information they share with Passport and the participating sites on a site-by-site basis.

Other changes include introducing a prompt box that will appear on screen when users designate themselves as EU residents, summarising key information about privacy policies within the EU, said Microsoft Europe, Middle East and Africa senior attorney Peter Fleischer.

Microsoft also agreed to provide EU users with a link to the European Commission's website on data protection laws outside the EU.

Finally, Microsoft agreed to provide easy-to-follow guidance to help users create secure passwords for enhanced online data protection.

The committee did not mention any demands for changes to Liberty Alliance's offering.

The European Commission, which was at the meeting of national registrars as an observer, welcomed the outcome.

Frits Bolkestein, the European Commission official for internal market issues, said, "The bottom line is that users' data will now be better protected. The industry in general now needs to take on board the guidelines when developing new systems."

Microsoft's Fleischer said, "The changes that we will make are the result of an open and constructive dialogue. Today's announcement is an important step forward in the necessary collaboration between government and industry to achieve a common goal - improving privacy for the benefit of consumers."

Read more on IT risk management