"Although Microsoft has put in place some measures to address data protection, a number of elements of the .NET Passport system raise legal issues and therefore require further consideration," the heads of data protection agencies from the 15 EU countries said.
The regulators, who meet monthly, were analyzing complaints that .NET Passport violated strict privacy laws by collecting and passing on information without the user's knowledge.
The chairman of the group, Italy's Stefano Rodota, said more information was needed and suggested hearings could be scheduled. But he declined to characterize the process as an investigation, which could lead to hefty fines if Microsoft were found to have violated national privacy laws.
"We are opening a dialogue," he said by telephone after the two-day meeting concluded. "We will follow what can happen in this area."
He said the group was concerned about legal and technical issues, such as what information is given to the user at the time personal data is collected, how the data is processed and transferred to third parties and what data protection rules are applied by affiliated websites.
Competing services run by AOL and the Liberty Alliance Project would also be scrutinized, he said.
"We are not only looking at what Microsoft is doing," he said.
Microsoft insists it does no such thing and says its Passport service, the largest of its kind by far, fully complies with European laws.
In a statement, senior Microsoft attorney Peter Fleischer said the software giant "remains committed to continued, open dialogue with national authorities ... to help us improve our products and to enhance privacy-enabling technologies."
Copyright 2002. Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
