14 June 2002 The European Commission has confirmed that the European Union (EU) is looking into allegations that Microsoft’s Passport authentication system could be violating EU rules on users’ privacy and data protection.
“No formal investigation” has been launched, said a spokesman, but he hinted that one could be on the cards. An official announcement by EU member states is scheduled for 1 July. Microsoft has vehemently denied that Passport breaches EU law and has refuted claims that the EU is considering taking action.
Passport is a fundamental plank of Microsoft’s Internet strategy, known as .Net, since it allows users to log onto a range of web sites without having to re-enter details every time. Microsoft claims that there are currently 200 million Passport users worldwide – although many of them may not know it.
National privacy controllers representing the various EU member states will be meeting on 1 July to discuss the matter. Various civil rights groups in Europe have been putting pressure on EU governments to investigate Passport.
The controversy surrounding Passport in Europe centres on the notion of consent. Under EU law, a user’s personal data can only be collated with that individual’s express consent.
Microsoft insists that the information about users that Passport collects and stores is indeed given voluntarily. Privacy advocates are concerned that, by building a huge central repository of personal data held by a single company, Microsoft’s initiative will threaten civil liberties.
At the same time, EU regulators are also examining whether media-player software may infringe privacy laws because of the data such software sends back about viewing and listening habits. The EU is concerned that many media players contain components that amount to ‘spyware’ and that users are not fully aware about the range of information that media players quietly collect.
RealNetworks, which makes one of the most widely-used media players, has said that data collection is aggregated and that information about individual users is not stored. However, RealNetworks has got into trouble with privacy activists in the past about its data collection policies.