Title: SPAM AND THE EU Unsolicited Commercial Communications under the Directive on Privacy and Electronic
1SPAM AND THE EU (Unsolicited Commercial
Communications under the Directive on Privacy and
Electronic Communications (2002/58/EC)) Spam
Summit, House of Commons 1 July 2003
Philippe GERARD, DG Information
Society
EUROPEAN COMMISSION
2I - Background
- Note The positions expressed are those of the
authorand do not necessarily represent the views
of the Commission
3(a) The Data Protection Directives
- The General Directive (95/46/EC)
- harmonised rules on data protection to ensure the
free flow of personal data across the EU e.g.
purpose limitation, fair processing, access to
data, etc. - note in particular harvesting is illegal in the
EU - The Specific Telecoms Data Protection Directive
(97/66/EC) - Directive 97/66/EC translated the principles set
out in Directive 95/46/EC into specific rules for
the telecommunications sector e.g. - security
- confidentiality
- traffic data
- calling line identification
- public directories
- unsolicited commercial calls and faxes
4 (b) The New Package for Electronic
Communications
- Directive 2002/58/EC is also part of the new EU
regulatory framework for electronic
communications networks and services - General objective a framework that is
future-proof, pro-competitive, etc. - On privacy and data protection in particular
reflect developments and provide an equal level
of protection of personal data and privacy,
regardless of the technology used
5(c) - Main features
- Widening of coverage to all electronic
communications networks and services - New definitions for communications, traffic
data, location data and e-mail - Services concerned on public communications
networks in the EU - The general Directive 95/46/EC is in principle
applicable (unless otherwise provided)
6II - The provisions on Unsolicited Commercial
Communications (spam) in greater detail
7(a) - Why legislate?
- Some reasons
- Unsolicited e-mail is a problem for the
development of e-commerce and the information
society (e.g. confidence) - Spam creates costs and nuisance for professionals
and consumers - Filtering systems used by ISPs seemed open to
legal challenge - Single market approach needed to avoid legal
patchwork
8(b) - Why an opt-in?
- Some reasons
- Privacy as a right, not as an option
- Consumer choice
- Responsiveness of permission-based marketing said
to be very efficient (spam study 2001) - Many possibilities (e.g. Web) to obtain consent
from e-mail users - Also
- Mere extension of the fax and automated calls
regime (opt-in) to new developments - Several Member States had an opt-in (high level
of consumer protection) - Reminder the harvesting of e-mail addresses to
send them commercial e-mails is contrary to data
protection principles
9(c) - Basic principles (Art 13)
- Opt-in for unsolicited e-mail for direct
marketing to natural persons - Opt-out for use of contact details obtained in
the context of a sale (existing customers) - Legal persons legitimate interests to be
sufficiently protected (B2B marketing) e.g.
opt-in, opt-out
10(d) Additional safeguards
- Disguise of identity of sender is prohibited
- All marketing messages must include a valid
return address and allow opt-out also after
earlier opt-in - Note other provisions may apply e.g.
misleading advertising, deceptive practices, or
if illegal access to information systems
(harvesting, hacking)
11(e) - Definition of Electronic Mail
- Broad technology neutral definition (covering
also SMS, MMS etc.) - Any text, voice, sound or image message sent
over a public communications network which can be
stored in the network or in the recipients
terminal equipment until it is collected by the
recipient. (Art 2) - In short any form of electronic communication
for which the simultaneous participation of the
sender and the recipient is not required.
12(f) - Concept of Direct Marketing
- Covers any form of sales promotion
-
- Includes direct marketing by charities and
political organisations (e.g. fund raising) - Harmonised approach within EU to be ensured
notably through the Article 29 Working Party
composed of national data protection authorities
13(g) - Existing customer relationship
- Opt-out allowed for use of contact details
obtained from customers in the context of a sale,
but - May be used by the same company only
- Only for marketing of similar products or
services - Explicit opt-out must be offered at the time of
collection and with each message
14(h) - Application and Enforcement
- In short rules on spam apply to all messages
sent over EU networks, regardless of where they
originate - Adequate complaint and penalty mechanisms must be
established e.g. individual right or action,
claims for damage, sanctions - Monitoring of tranposition starting
- Practical follow-up underway, including on
international cooperation
15(i) - Follow-up
- Consultation and follow-up document
- Addressed to MS, competent authorities, industry,
consumer associations - Areas awareness raising, complaints mechanisms,
effective enforcement, ADR mechanisms, coverage
issues, contractual issues and SR, technical
issues, international cooperation - Informal online group to facilitate work on these
issues
16(j) - International cooperation
- Legislation is only part of the answer to this
global problem, but legislation is part of the
answer - Strong international cooperation is needed to
make it effective - Bilateral and multilateral efforts (e.g. OECD)
- Industry and consumers to take part as well (e.g.
TACD)
17III - Timetable
- Adoption in July 2002 (OJ No 201)
- Transposition deadline 31 October 2003
- Follow-up under way with Member States, Data
Protection Authorities - Commission guidelines if appropriate
- Review in 2006 with particular emphasis on
unsolicited commercial communications - Note Directive 2002/58/EC is available at
http//europa.eu.int/information_society/topics/te
lecoms/regulatory/new_rf/documents/l_20120020731en
00370047.pdf
18Contact details