[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FYI] First orientations of the Article 29 Working Party concerning on-line authentication services
- To: debate@lists.fitug.de
- Subject: [FYI] First orientations of the Article 29 Working Party concerning on-line authentication services
- From: "Axel H Horns" <horns@ipjur.com>
- Date: Mon, 15 Jul 2002 20:22:32 +0200
- CC: krypto@thur.de
- Delivered-To: mailing list debate@lists.fitug.de
- List-Help: <mailto:debate-help@lists.fitug.de>
- List-Id: <debate.lists.fitug.de>
- List-Post: <mailto:debate@lists.fitug.de>
- List-Subscribe: <mailto:debate-subscribe@lists.fitug.de>
- List-Unsubscribe: <mailto:debate-unsubscribe@lists.fitug.de>
- Mailing-List: contact debate-help@lists.fitug.de; run by ezmlm
- Organization: NONE
- Priority: normal
<http://europa.eu.int/comm/internal_market/en/dataprot/wpdocs/wp60_en
.pdf>
------------------------------- CUT ------------------------------
[...]
First orientations of the Article 29 Working Party concerning on-line
authentication services
The Working Party is aware of the expansion of on-line authentication
services and of the importance of secure authentication mechanisms to
ensure the integrity of some electronic transactions, especially
those involving on-line payments. It stresses that the development of
these services needs to respect the core data protection principles.
Being .NET Passport the most important initiative in this field at
present, the Working Party has proceeded to an initial study of this
system in the first place.
After a first analysis carried out by its Internet Task Force, the
Working Party is of the opinion that, although Microsoft has put in
place some measures to address data protection, a number of elements
of the .NET Passport system raise legal issues and therefore require
further consideration:
- The information given to the data subjects at the moment of
collecting, further processing the data or transferring it to a third
party, possibly located in a third country.
- The value and quality of the consent given by the data subjects to
these operations.
- The data protection rules applied by the websites affiliated to
.NET Passport.
- The necessity and conditions of use of a unique identifier.
- The proportionality and quality of data of the data collected and
stored by .NET Passport and further transmitted to affiliated sites.
- The exercise of the rights of the data subjects.
- The security risks associated to these operations.
The Working Party therefore decides to undertake this further
analysis, where necessary in dialogue with Microsoft and with other
services and organisations, in order to assess where the European
data protection principles are correctly complied with and, where
appropriate, to identify elements of the systems that require
changes. The Working Party will consider again this matter at its
next plenary meeting. Due to the evolving nature of the .NET Passport
service and of the possible developments of its future architecture
and of other similar authentication services, the Working Party will
continue monitoring future developments in this field.
Done at Brussels, 2 nd July 2002
For the Working Party
The Chairman
Stefano RODOTA
------------------------------- CUT ------------------------------
--
To unsubscribe, e-mail: debate-unsubscribe@lists.fitug.de
For additional commands, e-mail: debate-help@lists.fitug.de