BRUSSELS (Reuters) - The European Commission said on Thursday that software giant Microsoft had agreed to make changes to its .NET Passport system to ease concerns about data privacy posed by Internet identity systems.

The agreement settles a half-year long examination by European Union privacy watchdogs into authentication systems such as Passport, setting standards for firms conducting business on-line.

"Microsoft has agreed to implement a comprehensive package of data protection measures, which will mean making substantial changes to the existing .NET passport system," the Commission said in a statement.

The Commission called the changes "radical," but Microsoft disagreed.

"I would not use the world "radical,"" Peter Fleischer, Microsoft EMEA's Senior Attorney told Reuters. The new system will be added within two to 18 months, the company said.

The changes require users to opt in, deciding whether to give data about themselves -- including their name, e-mail address, and other information -- to Microsoft's Passport system and other Websites.

"These steps focus on giving users the best information we can to empower them to make more decisions and give them the tools to control what personal data to share with Passport or to share with other sites," Fleischer said.

He stressed that Passport already allowed users to control whether to share data with others and that the changes would enhance step-by-step control.

In addition, Microsoft said it would insert a prompt box with key privacy information, a link to the Commission's data privacy Website, and would provide instructions on how to create a secure password.

NO SANCTIONS

Jonathan Todd, a spokesman for the EU's executive body, said that with the changes it was now unlikely the Passport system, used to identify Internet users, would run foul of government data protection rules in the 15-country bloc.

"There would not seem to be any reason to take any form of sanctions against the company," he said.

"My understanding is that the member states' authorities are now all satisfied that the system will be adapted to the requirements of EU data protection legislation," Todd said.

Consumer authentication systems are widely used by companies from retailers to banks. They store customers' personal details in a single location to streamline on-line transactions.

The watchdogs are national data controllers, charged with monitoring compliance with EU data privacy rules. A working party of national representatives holds regular meetings.

The data controllers also issued guidelines for a project by the Liberty Alliance, made up of 150 companies, including Sun Microsystems and Citigroup. Liberty Alliance, a trade body working on standards for authentication systems, was not immediately available for comment.

FURTHER SCRUTINY

The EU data regulators said they would continue to monitor the Passport system, the Liberty Alliance project and other similar authentication services.

They said they would look into electronic advertisement communication within Microsoft's free Hotmail system. They also planned to keep an eye on the use of identifiers -- strings of code unique to each computer user -- in the .NET Passport system and by the Liberty Alliance.

Simon Davies, director of consumer advocacy group Privacy International, praised plans to monitor Passport and its rivals.

"I just hope the Commission can keep its eye on the ball," Davies said. (Additional reporting by Bernhard Warner in London)