Answers to EU questionnaire on spam

During the last meeting of the EU Communication Committee on 11 June, a
document was presented with answers of the member states to the
questionnaire on spam. The same document was also presented next day to the
members of the article 29 working party (the collaboration between the EU
data protection authorities). The questionnaire was developed by the
European Commission to find out what problems member states might incur
when implementing the spam-ban decreed by the new Directive on Privacy in
the Telecommunications Sector.

The answers show a great variety in approach when it comes to awareness
raising, complaints mechanisms and judicial remedies and penalties. The new
privacy directive raises a number of complex issues. How should consent be
construed, and how should member states deal with the difference in
protection between legal and natural persons? Under Article 13 Member
States are only required to ensure the protection to natural persons, not
to legal persons. But how can a sender determine whether a recipient is a
natural or a legal person ? Should an e-mail address consisting of the name
of an individual working for a company be considered as belonging to
natural or a legal person? The definition of direct marketing is also
complex. There is no definition of direct marketing, only a description in
recital 30 of Directive 1995/46/EC, which states that messages by charities
and political parties are also covered by the definition.

“A majority of respondents would favour EU guidelines on these issues, in
order to guarantee as much effectiveness as possible”, the report states.
Disappointingly, the Commission refrains from issuing specific guidelines
to clarify minimum standards. The commission only wants to set-up an
informal on-line newsgroup with 2 representatives from each country (one
from the government designated competent authority and 1 from the Data
Protection Authority).

EDRI was invited to attend the CoCom meeting as an expert. According to
EDRI, it would be good if every member state would at least empower the
National Regulatory Authority or Data Protection Authority to impose
administrative fines. Secondly, EDRI expects these guidelines to contain
minimum standards of redress for internet users when receiving spam from
any country within the internal market. When creating codes of conduct on
top of these minimum legal standards, representatives from internet user
groups and/or consumer associations should be heard and approval of the
data protection authority should be required.

Answers to the questionnaire (03.06.2003)
http://www.edri.org/docs/cocom03-33.pdf

Directive 2002/58/EC concerning the processing of personal data and the
protection of privacy in the electronic communications sector
http://europa.eu.int/comm/internal_market/privacy/law_en.htm