Privacy and data protection | Privacy and confidentiality

EU questionnaire on spam-ban

By EDRi · February 26, 2003

Per 31 October 2003 spamming will be prohibited in all EU member states, but it is completely unclear what authority should supervise the spam-ban. The European Commission doesn’t have a ready-made answer, and is currently asking privacy-authorities and telecommunications ministries what approach they prefer.

The new Privacy Directive prohibits the sending of unsolicited e-mail but doesn’t regulate the practicalities of penalties, damage claims or prosecution of cross-border violations. To make matters even more complicated, the Directive leaves the level of privacy protection of legal persons up to member states. Therefore, in some countries all e-mail addresses will be protected, in other states the spam-ban is limited to natural persons. On top of that, the directive bans commercial spam, but does allow for a ban on all unsolicited electronic communications, including those for charity and political purposes.

Seven EU member states already have anti-spam legislation; Austria, Denmark, Germany, Finland, Greece, Italy and Spain. In Europe-at-large, spam is also banned in Hungary and Norway. Punishments differs widely. In Austria for example, spammers can be fined to a maximum of 36.330 Euro, while in Italy spammers risk prison sentence, next to the obligation to pay damages of 500 to 5000 euro per spammail.

Answers to the questionnaire from DG Infosoc should be in by 28 February 2003. Based on the answers, the European Commission will probably produce a guideline for recommended practice. Most likely, direct marketers will lobby for self-regulation, leaving it up to the industry to punish itself. EDRI opposes such a soft approach, and strongly recommends the institution of a European hotline for spam, to solve the problem of having to find out where the spam was sent from. This should not be left up to individual citizens, nor should they have to instigate cross-border procedures themselves.

Previous initiatives by the Belgian and French data-protection authorities to open up a national spam-box showed immense public interest. The Belgian authority even closed its mailbox after 2 months, after having received 50.000 spams. As well-intended as it was, they were inundated with identical spams. To withstand the spam-deluge, more is needed, like a dedicated transnational institute, with smart automatic processing of spams, a searchable public database and professionally trained staff.

Privacy-directive (2002/58/EC)

Overview of anti-spam legislation in Europe-at-large


Belgian privacy-authority (in Dutch and French)