1. Is the Commission aware of Microsoft's free NET Passport service, which, while consumers are engaged in a purchase, a game, a request or a bank transaction on line, is designed continually to collect their personal information via for instance, an e-mail address (Hotmail), a chat programme (MSN Messenger), a shop (Expedia.com), an auction site (QXL), a community (MSN Communities) or a hotel chain (Hilton.com) and that, as a result, a vast quantity of personal information is surreptitiously passed on to unknown parties by, in particular, Hotmail address owners without their noticing it?

2. Is the Commission also aware that failure to register with NET Passport results in exclusion from many sites' services, that unsubscribing is not possible, that periodically only out-of-date information is removed and that the passwords to be given (minimum of six characters only) are easily accessible, to some extent, to others posing as system administrators or possessing considerable knowledge of dictionaries?

3. Does the Commission regard it as acceptable that users of public terminals in universities, libraries or Internet cafes who fail to log off correctly may pass on their confidential information to the next user, that to hire software via the Internet (using Microsoft servers instead of a personal hard disk) access is possible only via NET Passport, and that, because of a de facto monopoly, Microsoft may shortly charge a high price for what are still for the time being free services?

4. Is it lawful for a dominant firm to build up a very extensive database of personal information? Is NET Passport registered with national agencies supervising the application of privacy legislation? Is registration mandatory in every Member State? Does such a requirement also apply where the database is not located on the territory of an EU Member State?

5. Can national or European criminal investigators make use of the information collected without prior consent of the individuals concerned or the courts?

6. According to the Commission, is there any call for further regulation in order to make abuses by interested parties or subversion of current privacy rules impossible?