European Union (EU) regulators are not satisfied that Microsoft Corp's .NET Passport complies with data protection law.

Regulators have said that while Microsoft has put in place measures to address data protection, elements of .NET Passport require further consideration.

Data protection agencies from 15 countries have stopped short of launching a formal investigation. Instead, further research will be undertaken by a sub-group for presentation to EU members later this year.

EU politicians have voiced concern in recent weeks that .NET Passport violates data protection rights, by gathering and passing on consumers' information.

Microsoft has denied it passes on consumers' information. Furthermore, Redmond, Washington-based Microsoft is one of the few US companies to sign the Safe Harbor framework, to ensure US companies provide "adequate" privacy protection defined by the 1998 Directive on Data Protection.

Regulators need more information before any official hearings can begin, but one official said they are "opening a dialogue".

Jonathan Bamford, assistant commissioner at the UK's Information Commission, said online authentication is a complex area requiring greater attention. "This is worthy of further investigation because it's a complex area," Bamford said yesterday.

Officials will consider a list of "core" data protection issues, Bamford said. These include what information is given to users when personal data is collected, and how affiliated web sites process data in Passport.

Bamford insisted regulators are not "picking" on Microsoft, but said Passport was the most developed system. He added Microsoft's adherence to the Safe Harbor framework was evidence of the company's commitment to data protection principles. "That is a good thing," he said.

Microsoft Europe Middle East and Africa senior attorney for commercial and regulatory affairs Peter Fleischer said in a statement Microsoft is committed to on-going discussions with regulators.

© 2001 ComputerWire.