A recent European Commission Report revealed stark variations across the EU in bringing rogue email marketers to book and called for more action to fight spammers and protect on-line privacy. Jenny Reid reports.
Topic: Email marketing
Who: European Commission (the "Commission")
Where: EU
When: 8 October 2009
Law stated as at: 31 October 2009
What happened:
The Commission announced that EU Member States need to do more to tackle spam and to protect online privacy. A Commission-funded study found a large discrepancy between the measures taken by different Member States to tackle such issues and that the number of prosecuted cases and penalties imposed on spammers varies considerably across the EU.
Viviane Reding, EU Commissioner for Information Society and Media, said that "although since 2002, European law has prohibited spam and spyware, on average 65% of EU citizens are still affected by spam on a regular basis". Reding then called for Member States to "reinforce their national efforts to fight online privacy threats such as spam, spyware and malicious software".
Findings of the study:
The study analysed the details of over 140 enforcement cases across 22 Members States and found considerable differences between the number of cases per country and the number of fines imposed.
In terms of numbers of court cases, Spain (39), Slovakia (39) and Romania (20) ranked the highest, with the largest fines being imposed in the Netherlands (€1,000,000), Italy (€570,000) and Spain (€30,000). However, most Member States have websites where victims of spam, spyware or malware can make a complaint and where users can obtain further information as to the risks of and protection from such practices.
The study encourages Member States to allocate sufficient resources to their national authorities to enable them to gather evidence, pursue investigations and initiate prosecutions.
The study emphasises that in order to successfully combat online threats, Member States require the cooperation of public and private sector bodies, which should focus on prevention, enforcement and raising public awareness. Currently, the level of cooperation varies between Member States, with cooperation agreements existing in Belgium, Cyprus, Estonia, France, Germany, Italy, Latvia, Lithuania, the Netherlands, Romania and the UK (although we are not currently sure what UK "cooperation agreement" is being referred to here) , and informal cooperation being relied upon in other countries such as Luxembourg and Malta.
The EC also highlights the importance of international cooperation in tackling spam and reports that the EC is currently negotiating a cross-border cooperation agreement with the US (although so far as marketinglaw is aware this has been under discussion for many years with no light at the end of the tunnel so far in sight).
The study also supports the proposed reforms of the EU telecoms rules (currently being finalised by the European Parliament and the Council) that are intended to implement legislative improvements by way of "clearer and more consistent enforcement rules and dissuasive sanctions, better cross-border cooperation, and adequate resources for national authorities in charge of protecting citizens' online privacy". The rules will require penalties that are implemented for breach of national online privacy laws to be "effective, proportionate and dissuasive". It is also proposed that they will give private organisations such as internet service providers the right to take legal action against spammers who abuse their networks.
Why this matters:
The announcement indicates that the Commission is looking to close down the discrepancies that currently exist between spam enforcement regimes across Member States, with a view to encouraging more harmonised enforcement throughout the EU.
This is clearly an increasingly urgent need, particularly in light of the Ecommerce Directive ((00/31/EC) rule that when it comes to opt in/opt out rules for unsolicited marketing emails and texts, it is the law of the EU state where the message is received that applies, not the law of the EU state from which the message is sent.
This means that UK digital marketers contemplating pan European campaigns may get a nasty surprise if they mistakenly rely on UK opt in/opt out laws and patchy UK email law enforcement. Consideration will need to be given to taking advice from local counsel, particularly if some targets are resident in "higher risk" territories such as the Netherlands, Italy and Spain. The risk of a €1,000,000 fine from the Dutch data protection authority is not to be taken lightly!
To see the full results of the study click here.
For more information, click here.