FITUG e.V.

Förderverein Informationstechnik und Gesellschaft

First orientations of the Article 29 Working Party concerning on-line authentication services

http://europa.eu.int/comm/internal_market/en/dataprot/wpdocs/wp60_en.pdf

[...]

First orientations of the Article 29 Working Party concerning on-line authentication services

The Working Party is aware of the expansion of on-line authentication services and of the importance of secure authentication mechanisms to ensure the integrity of some electronic transactions, especially those involving on-line payments. It stresses that the development of these services needs to respect the core data protection principles. Being .NET Passport the most important initiative in this field at present, the Working Party has proceeded to an initial study of this system in the first place.

After a first analysis carried out by its Internet Task Force, the Working Party is of the opinion that, although Microsoft has put in place some measures to address data protection, a number of elements of the .NET Passport system raise legal issues and therefore require further consideration:

- The information given to the data subjects at the moment of collecting, further processing the data or transferring it to a third party, possibly located in a third country.

- The value and quality of the consent given by the data subjects to these operations.

- The data protection rules applied by the websites affiliated to .NET Passport.

- The necessity and conditions of use of a unique identifier.

- The proportionality and quality of data of the data collected and stored by .NET Passport and further transmitted to affiliated sites.

- The exercise of the rights of the data subjects.

- The security risks associated to these operations.

The Working Party therefore decides to undertake this further analysis, where necessary in dialogue with Microsoft and with other services and organisations, in order to assess where the European data protection principles are correctly complied with and, where appropriate, to identify elements of the systems that require changes. The Working Party will consider again this matter at its next plenary meeting. Due to the evolving nature of the .NET Passport service and of the possible developments of its future architecture and of other similar authentication services, the Working Party will continue monitoring future developments in this field.

Done at Brussels, 2 nd July 2002

For the Working Party

The Chairman

Stefano RODOTA

Zurück