Microsoft agrees to changes under EU pressure

  • 2003-02-06
BRUSSELS

U.S. software giant Microsoft has agreed to make "substantial changes" to its Passport system to meet European Union data protection concerns, officials said Jan. 30.

Internal Market Commissioner Frits Bolkestein said the agreement on Microsoft's NET Passport system - which critics say is vulnerable to hackers - would boost users' data privacy.

"Microsoft has agreed to implement a comprehensive package of data protection measures, which will mean making substantial changes to the existing .NET Passport system," said a statement.

The Microsoft system allows users to sign into any Web site taking part in Passport, such as online retailers, using a Hotmail address and a single password. "The bottom line is that users' data will now be better protected," said Bolkestein, after a meeting of EU experts on data protection.

"The industry in general now needs to take on board the (EU's) guidelines when developing new systems," he added.

Passport has been criticized both in Europe and the United States for being vulnerable to hackers who could steal credit-card information stored on a Passport Wallet.

Microsoft, meanwhile, has been forced to defend itself against charges that it stored more information on users than advertised in its personal privacy policy.

The EU announcement comes after the Seattle-based firm reached an agreement with the U.S. Federal Trade Commission last August to boost data privacy and security on Passport.

Microsoft agreed to a "comprehensive information security program that protects the security, confidentiality and integrity of the personal information collected from our customers," corporate Vice President Brian Arbogast said at the time.

Microsoft also agreed to an audit of its Passport security by an independent company.

"We will also ensure that all of the statements we make about the service are accurate and clear," Arbogast said after Microsoft was accused of hyping the Passport program.

The EU agreement came about through discussions between Microsoft officials and a working party of EU experts on data protection.

"The most important consequence is that users will be fairly and thoroughly informed and empowered to decide as to which data they want to provide and under which conditions these data will be processed by Microsoft or by the participating Web sites," the working party said in a statement.

Microsoft agreed to make the changes "within an agreed timetable," which was not specified.