These days not a month goes by without another country or US state introducing ever more aggressive anti-spam legislation. We report on the latest developments and a European Commission ‘issue paper’ on the menace.
Topic: Digital marketing
Who: The European Commission and legislators in various companies
Where: Brussels, California, The Netherlands, China, Australia and Italy
When: September/October 2003
Law makers around the world are steadily introducing ever tighter legal controls on the sending of spam ("random, unsolicited commercial e-mail").
In Italy, the first of the EU states to implement the EU Privacy and Electronic Communications Directive (which introduces "opt-in" for most e-mail marketing in Europe), there are plans to implement strict new measures. Individuals and companies found guilty of sending unsolicited e-mails and trying to profit thereby could face up to three years in prison. The Italian government states that the sending of spam is tantamount to an act of theft because companies are losing bandwidth and employee time.
In Australia direct marketing chiefs have welcomed new anti-Spam proposals. Enforced by the Australian Communications Authority, the new laws will impose opt-in and empower the ACA to impose fines of up to £400,000 a day for sending unsolicited e-mails. Once passed, the legislation will allow direct marketers 120 days to get their act together before it comes into force.
In Holland, MPs have proposed amendments to the Dutch Telecommunications Act which will render violation of the opt-in/opt-out regime a criminal offence and will include within its ambit e-mail messages sent to Holland from abroad.
In China, self regulation has come to the rescue by way of action by the Internet Society of China. The society has blocked one hundred and twenty seven spam servers across the globe from e-mailing Chinese recipients. Ninety of the servers are in Taiwan and another twenty nine are situated elsewhere outside China. Once the servers have proved they have stopped sending junk mail for three months the society will allow them to resume normal operation.
In California, in a move before the recent vote ousting him from office, Governor Gray Davis signed into law the toughest anti-spam legislation in the US, effective 1/1/04. Existing laws prohibited deceptive, unlabelled spam. This law prohibits all unsolicited spam to Californian e-mail addresses, subject to a very limited number of exceptions, including an established business relationship. The law requires direct, clear and conspicuous opt-in and authorises spam recipients, electronic mail service providers and the California attorney general to bring actions to recover damages for breach of the new regulations, liquidated at $1,000 per transmitted message up to $1 million per incident.
In Brussels, the European Commission is not content with the anti-spam measures contained in the Privacy and Electronic Communications Directive.
On 16 October 2003, it published an "Issue Paper" on unsolicited commercial communications. Produced in preparation for a one day spam workshop in Brussels on 16 October 2003, the paper makes it clear that it does not necessarily reflect the official position of the Commission. However, it is intended to aid further discussions in preparation for the taking of further measures to combat spam, which, according to European Commissioner for the Information Society, Erkki Liikanen has become, "one of the most significant issues facing the internet today".
The paper covers no less than eight strands in the whole process: awareness, effective application of the opt-in regime, complaint mechanisms, effective enforcement, effective remedies and penalties, co-operation with third countries, technical issues and monitoring.
The paper identifies the need for marketers to know the basic rules, for users to know how they can prevent spam by adapting their behaviour, to know what filtering software is on the market and what service and software providers can do for them. It also expresses concern about the lack of co-ordination amongst the various competent authorities in the EU member states, including data protection authorities, national regulatory authorities, consumer protection agencies, ombudsmen, industry associations and consumer/user associations.
It urges all these bodies to step up their role in awareness-raising activities.
The opt-in regime
The paper urges industry to promulgate spam avoidance, by way of contractual arrangements involving ISPs for example. It also cites a need for a more proactive filtering policy by providing information on anti-spam filters. So far as direct marketers' own practices are concerned, it underlines the need, in the light of the new legislation, to review methods of collecting e-mail addresses and other electronic contact details. Here it makes specific reference to the harvesting of e-mail addresses, which it confirms "remains incompatible with Community law".
As an example of best practice in this area, it mentions an initiative in The Netherlands. There the Dutch Ministry of Economic Affairs has provided funding for a platform "Basic principles for commercial e-mail". This groups together different branches of the industry and competent authorities to develop practical implementation of opt-in.
The paper notes that some data protection authorities (but notably not that in the UK as yet) have set up central mailboxes to which users can forward unsolicited commercial e-mail. France and Belgium, for example, have set up such dedicated e-mail boxes and the results have been quite interesting to date. They encourage consumers to report infringement and make enforcement of adopted legislation more effective.
Other member states are encouraged to take a leaf out of the same book.
The paper bemoans that effective enforcement of opt-in still does not appear to be a priority in all member states. The taking of further action to encourage the effective handling of cross-border complaints is also strongly encouraged.
Effective remedies and penalties
The paper notes that penalties for offending against e-mail marketing rules vary greatly among member states, with not all members having clear sanctions in place for infringement. The paper also comments that for privacy infringement like sending unsolicited e-mail, an out of court redress mechanism may be useful to achieve a higher level of compliance with the new rules. It is urges member states to assess the effectiveness of their system of penalties and remedies and to ensure that there are adequate possibilities for victims to claim damages.
Co-operation with third countries
Contrary to other indications, by our own DTI for example, the paper expresses the view that the opt-in rule introduced by Article 13 of the Directive on Privacy and Electronic Communications applies just as much to commercial e-mail sent into the EU from outside the Union as it does to e-mail sent from EU member states. However, even if this is the case the enforcement of the rule in this context is clearly going to be more complicated, although the paper still regards this aspect of the matter as very important.
The paper's action suggestions here include identification of possible solutions at global level. The Commission is for instance hosting an OECD workshop on spam in February 2004 which is intended to contribute to a better understanding of the problem. An online survey is being conducted with a view to the results being placed in front of delegates at the February 2004 meeting.
Member states are invited to clarify the legal conditions in their countries under which different types of filtering software can operate, the paper goes on, and such software needs to take into account the consequences for users of "false positives", "false negatives", and of certain forms of content-based filtering.
The report reminds us that Article 18 of the Privacy and Electronic Communications provides for the preparation in 2006 of a report on the application of the Directive and its impact. Continuing evaluation now is regarded as a priority and with the support of member states and data protection authorities, the Commission has set up an informal on-line group to co-ordinate exchanges of information and best practice on trends as well as particular problems and solutions.
Why this matters:
With UK MPs currently fulminating against the lack of teeth from which our own Information Commission suffers in its attempts to enforce digital marketing controls, there is clearly no shortage of huffing and puffing over spam and no shortage also of ever-tighter legal controls.
However, the European Commission's "Issue Paper" has probably got it about right in terms of the need for co-ordinated action at global level, not only in relation to the introduction of tighter laws, but also in the areas of enforcement and the introduction of effective anti-spam technology.