The European Commission (EC), the European Union's (EU's) regulatory arm, revealed this weekend that it is readying an investigation into alleged Microsoft .NET Passport privacy violations. A Dutch software firm, which complained that Microsoft is collecting users' personal information (in violation of European data-collection laws), alerted the EC to the problem. The EC describes its part in the investigation as "a matter of priority." However, individual countries that are part of the EU will be responsible for organizing the investigation and assessing fines.
"If a member state \[of the EU\] thinks a company is not respecting the rules, then they can ask it to stop or they can even fine them," an EC spokesperson said. "This depends on individual member states."
If the EU launches a full investigation, the new inquiry will remain separate from the EU's existing antitrust investigation of Microsoft. However, whether the privacy investigation will gain much steam is unclear. Britain, for example, doesn't see .NET Passport as a violation of privacy laws, although its decision isn't yet final, and several other EU member states are seeking more information. This week, 15 EU member representatives, who are gathering for a previously scheduled meeting, will discuss the .NET Passport privacy charges.
Microsoft says it has already met with the EC about .NET Passport, however, and that the service adequately protects users' privacy. "We have met not only with \[EC\] privacy officials, but we've also met with privacy officials in each of the member states about Passport and about the concerns raised," a company spokesperson said. Microsoft has also met with the US Federal Trade Commission (FTC) about similar complaints..