In a case Federal Trade Commission Chairman Timothy Muris said was intended to send a message, the FTC accused Microsoft of deceptively promoting that Passport offered consumers additional security, and that the Kids Passport program gave parents controls over what personal information their children could provide.
None of the claims were true, the FTC said, adding that using Passport offers no additional protections and that children can easily defeat the parental controls.
Microsoft wasn't fined, but it agreed to implement a new information security program that includes an audit of its procedures every two years. It could face fines if it makes further privacy violations.
Passport, which is included in some editions of Windows or the Internet Explorer Web brower, lets users register various personal data -- including in some cases credit card numbers -- to avoid having to repeatedly enter the information at different Web sites. Microsoft tries to sell Web sites on using the service.
The FTC for the first time also warned marketers who promise privacy that they have to employ "reasonable and appropriate measures ... to maintain and protect the privacy and confidentiality of consumers' personal information."
Mr. Muris said the case showed that the FTC is "very active" in safeguarding privacy.
'Raise the bar'
Microsoft said today it believed the agreement will further "raise the bar for Internet security and privacy."
Thirteen consumer groups, including the Electronic Privacy Information Center, had petitioned the FTC to act against Passport.
Marc Rotenberg, executive director for the Electronic Privacy Information Center, called the FTC's action against Microsoft "extraordinary" and "quite sweeping."
"This is a very big development," he said. "It sent a clear message that privacy has to be a top priority and a strong message that the FTC will act."