[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] First orientations of the Article 29 Working Party concerning on-line authentication services


------------------------------- CUT ------------------------------


First orientations of the Article 29 Working Party concerning on-line 
authentication services  

The Working Party is aware of the expansion of on-line authentication 
services and of the importance of secure authentication mechanisms to 
ensure the integrity of some electronic transactions, especially 
those involving on-line payments. It stresses that the development of 
these services needs to respect the core data protection principles. 
Being .NET Passport the most important initiative in this field at 
present, the Working Party has proceeded to an initial study of this 
system in the first place.  

After a first analysis carried out by its Internet Task Force, the 
Working Party is of the opinion that, although Microsoft has put in 
place some measures to address data protection, a number of elements 
of the .NET Passport system raise legal issues and therefore require 
further consideration:  

- The information given to the data subjects at the moment of 
collecting, further processing the data or transferring it to a third 
party, possibly located in a third country.  

- The value and quality of the consent given by the data subjects to 
these operations.  

- The data protection rules applied by the websites affiliated to 
.NET Passport.  

- The necessity and conditions of use of a unique identifier.  

- The proportionality and quality of data of the data collected and 
stored by .NET Passport and further transmitted to affiliated sites.  

- The exercise of the rights of the data subjects.  

- The security risks associated to these operations.  

The Working Party therefore decides to undertake this further 
analysis, where necessary in dialogue with Microsoft and with other 
services and organisations, in order to assess where the European 
data protection principles are correctly complied with and, where 
appropriate, to identify elements of the systems that require 
changes. The Working Party will consider again this matter at its 
next plenary meeting. Due to the evolving nature of the .NET Passport 
service and of the possible developments of its future architecture 
and of other similar authentication services, the Working Party will 
continue monitoring future developments in this field.  

Done at Brussels, 2 nd July 2002  

For the Working Party  

The Chairman  

Stefano RODOTA  

------------------------------- CUT ------------------------------

To unsubscribe, e-mail: debate-unsubscribe@lists.fitug.de
For additional commands, e-mail: debate-help@lists.fitug.de