During the last meeting of the EU Communication Committee on 11 June, a document was presented with answers of the member states to the questionnaire on spam. The same document was also presented next day to the members of the article 29 working party (the collaboration between the EU data protection authorities). The questionnaire was developed by the European Commission to find out what problems member states might incur when implementing the spam-ban decreed by the new Directive on Privacy in the Telecommunications Sector.
The answers show a great variety in approach when it comes to awareness raising, complaints mechanisms and judicial remedies and penalties. The new privacy directive raises a number of complex issues. How should consent be construed, and how should member states deal with the difference in protection between legal and natural persons? Under Article 13 Member States are only required to ensure the protection to natural persons, not to legal persons. But how can a sender determine whether a recipient is a natural or a legal person ? Should an e-mail address consisting of the name of an individual working for a company be considered as belonging to natural or a legal person? The definition of direct marketing is also complex. There is no definition of direct marketing, only a description in recital 30 of Directive 1995/46/EC, which states that messages by charities and political parties are also covered by the definition.
"A majority of respondents would favour EU guidelines on these issues, in order to guarantee as much effectiveness as possible", the report states. Disappointingly, the Commission refrains from issuing specific guidelines to clarify minimum standards. The commission only wants to set-up an informal on-line newsgroup with 2 representatives from each country (one from the government designated competent authority and 1 from the Data Protection Authority).
EDRI was invited to attend the CoCom meeting as an expert. According to EDRI, it would be good if every member state would at least empower the National Regulatory Authority or Data Protection Authority to impose administrative fines. Secondly, EDRI expects these guidelines to contain minimum standards of redress for internet users when receiving spam from any country within the internal market. When creating codes of conduct on top of these minimum legal standards, representatives from internet user groups and/or consumer associations should be heard and approval of the data protection authority should be required.
Answers to the questionnaire (03.06.2003)
http://www.edri.org/docs/cocom03-33.pdf
Directive 2002/58/EC concerning the processing of personal data and the
protection of privacy in the electronic communications sector
http://europa.eu.int/comm/internal_market/privacy/law_en.htm