EU: Microsoft Agrees to .NET Passport Changes

The European Commission on Thursday said Microsoft has agreed to make some major changes to its .NET Passport authentication system.

Through Passport, users who register for the service have to enter personal information, such as e-mail address and password once, and then can enter a variety of Web sites without re-entering the same information. Microsoft has been under pressure to make modifications to its .NET Passport system, because of concerns it does not adequately protect data privacy.

“Microsoft has agreed to implement a comprehensive package of data protection measures, which will mean making substantial changes to the existing .NET passport system,” the European Commission said in a statement.

With Microsoft’s decision to modify .NET Passport it is expected the EU will lift its threat of sanctions against the software company. The changes will also apply to members of the Liberty Alliance, which includes Sun Microsystems and several other Microsoft competitors.

The EU did not make public specific details of the agreement, but did mention it would monitor how Microsoft handles electronic advertisements within Microsoft’s Hotmail e-mail program and how it will make use of identifiers in the .NET Passport system.

EU officials are reported to have said the latest changes will mean that users of the .NET Passport system will get more information and choices about what information they want to provide and the conditions under which that data will be processed by Microsoft or Web sites participating in its system.

The move by Microsoft comes after an EU investigation over the past year into the company’s privacy policies. The investigation of Passport is separate from the European Commission’s ongoing antitrust investigation of the software giant.

The latest changes go beyond the alterations Microsoft consented to last year, after a complaint to the U.S. Federal Trade Commission by a dozen privacy and consumer groups over the software company’s alleged misuse of consumer’s personal data.