European Commission communication on spam

By EDRi · January 28, 2004

The European Commission has finally published a Communication on spam, just in time for the OECD conference on spam, hosted by the Commission on 2 and 3 February. The Communication focusses on actions to be taken by the EU member states in order to make the ban on spam more effective. Clearly, implementing the EU directive on privacy and electronic communications (2002/58/EC) is the first and most important step. 7 out of the 15 member states have not yet transposed the directive, Belgium, Germany, Greece, France, Luxembourg, the Netherlands and Portugal.

In general, the Communication does not bring much clarity to the complex problem of banning spam. It only signals problems caused by the impossible compromises dictated by the Directive. For example, Member States may decide for themselves how and by whom the enforcement should be done. In some countries the Data Protection Authority is given the responsibility, in other countries the task is delegated to the National Regulation Authority or the Consumer Ombudsman and in many countries responsibility is not clear at all. The Commission ‘solves’ this problem by calling on all national parties to collaborate. Even when it is clear who the competent authority is, it often lacks investigation and enforcement powers to trace and prosecute ‘spammers’. “The Commission will look to confirm that national transposition measures provide for real sanctions in the event of breach of the relevant requirements by market players, including where appropriate financial and criminal penalties.”

According to the Communication, more than 50 percent of EU e-mail traffic was estimated to be spam in December 2003. Besides the obvious negative effects for private receivers, the Commission stresses the extra costs for businesses in lost productivity, necessary investments in filtering and security software and loss of information due to ‘false positives’, mail that is undeservedly treated as spam. But the Directive does not protect business e-mail addresses against spam. Member States may extend the protection to these addresses but are not required to do so and due to a strong direct marketing lobby, in many countries work e-mail addresses are not explicitly protected. The Communication does nothing to solve the riddle of the difference between the 2 categories of recipients, once more limits itself to signal the problem.

From a civil rights perspective, there should at least be easy and affordable public access to a complaint procedure. Every citizen officially has a right to complain about violation of privacy rights and claim damages. A very obvious solution is the opening up of a national complaint mailbox. Experiments from the Belgian and French Data Protection Authorities showed massive enthusiasm to complain about spam. The Commission clearly likes these, and ‘invites Member States and competent authorities to set up dedicated e-mailboxes, supported by information campaigns.’

Finally, the Commission refers to the essential international dimension, since much spam comes from outside the European Union. The Commission hopes the OECD workshop will bring some solutions, and promises “to investigate how best to follow up the results of the United Nations’ World Summit on the Information Society in relation to spam.”

Simultaneously, the OECD has published a paper with background information for participants to the OECD Spam Workshop. Besides a lot of sometimes obvious definitions, it contains an interesting overview of current anti-spam legislation in all European OECD member countries, including 3 of the 4 EU accession countries, the Czech Republic, Hungary and Poland. The Czech Republic and Poland have already adopted opt-in and Hungary is currently in the process of adopting this approach. The Czech Republic has adopted the opt-in approach for commercial communications generally, but its legislation does not address spam explicitly.

As for the four other European OECD countries, Norway has adopted an opt-in approach. In Switzerland, following a public consultation in October 2002, the government is now amending regulation to apply opt-in to spam in all forms of messages (e.g. phone, e-mail, fax, SMS) and to oblige the telecommunication services providers to combat spam. There is no law on spam in Turkey, and information regarding the situation in Iceland is currently not available.

European Commission Communication (28.01.2004)

OECD paper on spam (22.01.2004)$FILE/JT00157096.PDF

European Commission enforcement action against seven Member States (17.12.2003)|0|RAPID&lg=EN&display=