Passport to Address EU Privacy Concerns

Microsoft has agreed to make changes to its online authentication system, .NET Passport, to satisfy privacy concerns expressed by a European Union (EU) advisory committee. Unlike the U.S. Federal Trade Commission (FTC), which imposed broad and generic conditions on Passport for the next 20 years, the EU committee suggested some very specific steps that must be completed by the end of July 2004-18 months from the date the EU published its recommendations.

More Control over Personal Data

The committee, known as the Data Protection Working Party, was formed in mid-2002 to investigate privacy concerns about online authentication systems, including both Passport and the system proposed by the Liberty Alliance, a consortium of companies led by Sun Microsystems. In a document released on Jan. 30, 2002, the committee said that Microsoft had agreed to make the following changes to satisfy the committee’s concerns:

Site-by-site option. Today, when users sign up for a Passport, they may opt to share three sets of information with participating Passport sites: their e-mail address, their first and last name, and other personal information such as their gender and ZIP code. Once these boxes are checked, the data is automatically shared with all other participating sites when they log on to them. However, within 18 months, users will have the option to change or deny access to each set of information on a site-by-site basis. (For purposes of the agreement, all MSN Web sites are considered to be a single site.)