Ending the spam diet

Unsolicited commercial e-mail (spam) is estimated to cost Internet users Euro 10 billion a year.

Arguably it also hampers the growth of Internet trade by damaging public confidence.

Current legislation

The Telecommunications (Data Protection and Privacy) Regulations (1999) which came into force on 1st March 2000, deals with fax and telephone communications. The background to the Regulations is complex but essentially they originate from the Telecommunications Data Protection Directive (Directive 97/66/EC). The Regulations include the following provisions in respect of use for direct marketing:

• Use of automated calling systems – communications on lines of individual or corporate subscribers (Regulation 22) - such use is prohibited except where the subscriber has previously notified the caller that he consents to such calls (opt in).
• Use of fax – unsolicited communications on lines of individual or corporate subscribers (Regulation 23) - prohibits use where the line is that of a subscriber who has previously notified the caller that unsolicited communications should not be made, or the number is that of a subscriber whose name is listed on a record kept by the Director General of Telecommunications (or someone on his behalf) of subscribers who have indicated that they do not want to be contacted.
• Use of fax on lines of subscribers who are individuals (Regulation 24) – prohibits use except where the subscriber has previously notified the caller that he consents.
• Unsolicited calls on lines of subscribers who are individuals (Regulation 25) – addresses calls on lines other than those described in Regulation 22. Such calls are prohibited where the subscriber has notified the caller that unsolicited calls should not be made or his number is on the Director General of Telecommunications list (an opt-out).

Numbers can be registered online at www.tpsonline.org.uk.

Debate has raged about whether “telecommunications services” in the Directive covers e-mail as well as fax and telephone. The Information Commissioner has expressed the view that it covers all media unless specifically excluded. As e-mail is not specifically excluded, in her view, there is an argument that e-mail is covered. The DTI’s view is that not all of the provisions of the Directive will apply to e-mail. The position remains unclear.

That may soon change. A draft proposal to update the Directive was adopted on 12 July 2000 (the Communications Data Protection Directive (COMM/2000/385)). The draft seeks to update the Directive to cover e-mail and to ensure future technological neutrality. Initial negotiations have started and the DTI welcome views. A finalised version of the draft is due to be adopted by the end of 2001.

The Ecommerce Directive (00/31/EC) provides that spam must be clearly identified as such. Member states must ensure that opt out registers in use are respected and regularly consulted. To date, it is not clear what steps the UK will take to implement this obligation. It has until 16th January 2002 to do so. Draft regulations are anticipated shortly.

In the meantime…

Under the Data Protection Act 1998 (DPA) individuals have the right to prevent processing of data for the purposes of direct marketing. In addition the first data protection principle requiring that data must be processed fairly and lawfully may have a role to play in dealing with spam. Principles seven (appropriate technical measures in place against unauthorised or unlawful processing) and eight (prohibition on transfer outwith the EU) may also assist.

Self-regulatory schemes are also in operation. The Direct Marketing Association (www.dma.org.uk) runs one of the largest. Members sign up to a Code of Practice, which provides that unsolicited e-mails must be identified, include a mechanism for the consumer to raise an objection and not be sent to any names who have objected. The DMA also operate an e-mail registration scheme. Since DMA is a US organisation, registrant’s details will not be covered by the DPA.

The ISP may be able to assist. Spamming may breach its Acceptable Use Policy. As well as creating unwanted traffic for recipients spam creates support overheads for ISP’s who have to deal with complaints from their customers who have received unwanted e-mail as well as dealing with complaints from other ISP’s demanding action on behalf of their customers too.

Software devices are available to block spam, with varying degrees of accuracy. Taking action in any form can prove problematic often with nothing more than an e-mail address to identify the spammer. Information is available to help track identities (www.mcs.net).

Lisa Forsythe, intellectual property consultancy, Brechin Tindal Oatts solicitors. lf@bto.co.uk