COM(2004)28 - Unsolicited commercial communications or 'spam'
Please note
This page contains a limited version of this dossier in the EU Monitor.
official title
Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on unsolicited commercial communications or 'spam'Legal instrument | Communication |
---|---|
reference by COM-number83 | COM(2004)28 ![]() |
Additional COM-numbers | COM(2004)28 |
CELEX number86 | 52004DC0028 |
Document | 22-01-2004 |
---|---|
Online publication | 22-01-2004 |
This page is also available in a full version containing the latest state of affairs, the legal context, other dossiers related to the dossier at hand, the stakeholders involved (e.g. European Commission directorates-general, European Parliament committees, Council configurations and even individual EU Commissioners and Members of the European Parliament) and finally documents of the European Parliament, the Council of Ministers and the European Commission.
The full version is available for registered users of the EU Monitor by ANP and PDC Informatie Architectuur.
The EU Monitor enables its users to keep track of the European process of lawmaking, focusing on the relevant dossiers. It automatically signals developments in your chosen topics of interest. Apologies to unregistered users, we can no longer add new users.This service will discontinue in the near future.
- 1.The present Communication does not cover unsolicited communications offline, e.g. unsolicited (postal) mail.
- 2.See in particular Article 13 of Directive 2002/58/EC on Privacy and Electronic Communications and Privacy (see section 2, below).
- 3.For instance, the spam box initiatives organised in 2002 by respectively the French Commission Nationale Informatique et Libertés (CNIL) and the Belgian Commission de la Protection de la Vie Privée (CPVP) seemed to confirm that the United States and, to lesser extent Canada, were the primary source of spam messages. The CPVP findings are available at: www.privacy.fgov.be/publications/ spam_4-7-03_fr.pdf; the CNIL report is available at the following URL address: www.cnil.fr/thematic/docs/internet/ boite_a_spam.pdf. See also: UNCTAD, E-Commerce and Development Report 2003, New York and Geneva, 2003, p. 27.
- 4.An issue paper on unsolicited communications or spam was distributed in advance of the workshop on the subject. The issue paper itself built on previous discussions in the context of the Communications Committee (COCOM) and with the Article 29 Data Protection Working Party. In response to a questionnaire, information was provided by members of the COCOM and of the Article 29 Data Protection Working Party. A number of industry associations or individual companies also reacted, from ISPs and communications operators (mobile and fixed) through direct marketeers and advertisers, to computer and software manufacturers.
- 5.An estimated 49 % spam in the EU for September 2003, compared to some 54 % worldwide for the same period (Source : Brightmail, 2003).
- 6.According to a recent report form the FTC, 22% of spam analysed contained false information in the subject line; 42% contained misleading subject lines that misrepresented that the sender had a business or personal relationship with the recipient; 44% of spam contained false information in the from or subject lines; over half of finance related spam contained false from or subject lines; 40% of all spam contained signs of falsity in the message; 90% of investment and business opportunities contained likely false claims; 66% of spam contained false from lines, subject lines or message text. (False Claims in Spam, A report by the FTC's Division of Marketing Practices, 30 April 2003, available at: www.ftc.gov/reports/spam/ 030429spamreport.pdf)
- 7.According to Pew Internet, 7% of email users report they have ordered after unsolicited email and 33% of email users have clicked on a link in unsolicited email to get more information. Even if the percentages of consumers who are ripped off remain relatively low, the phenomenal economies of scale that can be achieved by rogue traders using misleading or deceptive spam have taken the problem of consumer scams to a new level. See: Spam-How It Is Hurting Email and Degrading Life on the Internet, October 2003, Report by Deborah Fallows for the Pew Internet
- 8.Spam messages sometimes also include gratuitous violence or incitement to hatred on grounds of race, sex, religion or nationality.
- 9.Source: Ferris Research, 2003.
- 10.This figure and other estimates are mentioned in: '"Spam"; Report of an Inquiry by the All Party Internet Group', London, October 2003, p. 8; This report can be consulted via the following URL address: www.apig.org.uk
- 11.According to the recent survey by Pew Internet mentioned above, 25 percent of interviewees were using e-mail less because they were receiving so much spam.
- 12.The present Communication does not cover unsolicited communications offline, e.g. unsolicited (postal) mail.
- 13.Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ L 201, 31.7.2002.
- 14.For voice telephony marketing calls, other than by automated machines, Member States may choose between an opt-in or an opt-out approach.
- 15.Article 13(4) of Directive 2002/58/EC.
- 16.In accordance with Article 15(3) of Directive 2002/58/EC in conjunction with Article 30 of Directive 95/46/EC.
- 17.See for instance Opinion 7/2000 On the European Commission Proposal for a Directive of the European Parliament and of the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector of 12 July 2000; Recommendation 2/2001 on certain minimum requirements for collecting personal data on-line in the European Union. See also the Harvesting has been discussed in the Working document of 21 November 2000 entitled 'Privacy on the Internet'-An integrated EU Approach to On-line Data Protection". These documents can be consulted at the following URL address: europa.eu.int/comm/internal_market/ privacy/workingroup_en.htm
- 18.Article 15 of Directive 2002/58/EC refers to Chapter III of Directive 95/46/EC on Judicial remedies, liability and sanctions: Article 22 - Remedies Without prejudice to any administrative remedy for which provision may be made, inter alia before the supervisory authority referred to in Article 28, prior to referral to the judicial authority, Member States shall provide for the right of every person to a judicial remedy for any breach of the rights guaranteed him by the national law applicable to the processing in question. Article 23 - Liability 1. Member States shall provide that any person who has suffered damage as a result of an unlawful processing operation or of any act incompatible with the national provisions adopted pursuant to this Directive is entitled to receive compensation from the controller for the damage suffered. 2. The controller may be exempted from this liability, in whole or in part, if he proves that he is not responsible for the event giving rise to the damage. Article 24 - Sanctions The Member States shall adopt suitable measures to ensure the full implementation of the provisions of this Directive and shall in particular lay down the sanctions to be imposed in case of infringement of the provisions adopted pursuant to this Directive.
- 19.This differs for instance from agencies like the US Federal Trade Commission.
- 20.See also the Working document of the Article 29 Data Protection Working Party entitled 'Privacy on the Internet' - An integrated EU Approach to On-line Data Protection" (Document No WP 37, adopted on 21 November 2000).
- 21.Council Directive 84/450/EEC of 10 September 1984 relating to the approximation of the laws, regulations and administrative provisions of the Member States concerning misleading advertising OJ L 250, 19.9.1984, p. 17-20. The Commission has recently made a proposal to replace and update the misleading advertising Directive (COM(2003) 356 final).
- 22.On 24 September 1998, the Council adopted the Recommendation on the development of the competitiveness of the European audio-visual and information services industry by promoting national frameworks aimed at achieving a comparable and effective level of protection of minors and human dignity (98/560/EC). The Recommendation was the first legal instrument at EU-level concerning the content of audio-visual and information services covering all forms of deliveries, from broadcasting to the Internet.
- 23.Directive of the European Parliament and of the Council of 8 June 2000, OJ L 178, 17.7.2000. As a general rule, commercial communications must comply with the rules applicable to them in the Member State of establishment of the service provider. This rules does however not apply to the permissibility of unsolicited communications by electronic mail (see Articles 3 of the Directive on Electronic Commerce and its Annex). In the (limited) cases where natural persons would not be protected by Directive 2002/58/EC (e.g. natural persons who are not subscribers) against unsolicited commercial communications, Member States must also ensure under the Directive on Electronic Commerce that service providers undertaking unsolicited commercial communications by electronic mail consult regularly and respect the opt-out registers in which natural persons not wishing to receive such commercial communications can register themselves (see Article 7 of the Directive on electronic commerce).
- 24.PROPOSAL FOR A COUNCIL FRAMEWORK DECISION ON ATTACKS AGAINST INFORMATION SYSTEMS, COM(2002) 173 FINAL, 19.4.2002.
- 25.See also the 9th Report on the Implementation of the Telecommunications Regulatory Package, available at the following URL address: europa.eu.int/information_society/ topics/ecomm/all_about/implementation_enforcement/annualreports/9threport/index_en.htm
- 26.The importance of full, effective and timely implementation of the new regulatory framework for electronic communications, including this Directive, has been stressed by the Commission in its Communication "Electronic Communications: the Road to the Knowledge Economy (COM(2003) 65 of 11 February 2003).
- 27.The letters of formal notice have been sent on the 25th of November 2003 (See IP/03/1663).
- 28.Note that complaints often also concern related issues e.g. the right of access to personal data and the right to object to data processing.
- 29.The report of 24 October 2002 adopted by the Commission National Informatique et Libertés (CNIL), the French DPA is available at the following URL address: www.cnil.fr/frame?http:// www.cnil.fr/thematic/internet/spam/spam_sommaire
- 30.See e.g. www.ftc.gov/bcp/conline/pubs/ online/inbox.pdf Unwanted or deceptive messages can be sent to the following URL address:
- 31.COM(2003) 443 final.
- 32.Information about the IDA programme is available via the following URL address: europa.eu.int/comm/enterprise/ida/ index.htm
- 33.OECD Guidelines for Protecting Consumers from Fraudulent and Deceptive Commercial Practices Across Borders, OECD, 2003.
- 34.
- 35.Such clauses are sometimes based on the need to take all measures to prevent inappropriate usage of their services. Other refer to existing codes of conduct regarding bulk e-mails or, indeed, to self-regulatory principles (e.g. netiquette).
- 36.The European Federation of Direct Marketing (FEDMA) has announced a specific online code of conduct for direct marketeers.
- 37.
- 38.For instance, the RIPE (Réseaux IP Européens) Anti-spam Working Group has been active since 1998 (see: The document 'Good Practice for combating Unsolicited Bulk Email' can be found on the RIPE website (see: www.ripe.net). More recently, the IRTF (Internet Research Task Force) has set up an Anti-Spam Research Group (see: www.irtf.org/charters/ asrg.html). This group may develop certain technologies that could serve as a starting point for standardisation efforts within the IETF (Internet Engineering Task Force).
- 39.Background information on the rules applicable to unsolicited communications under Directive 2002/58/EC is available at the following URL address: europa.eu.int/information_society/ topics/ecomm/all_about/todays_framework/privacy_protection/index_en.htm
- 40.See: www.dti.gov.uk/industries/ ecommunications/directive_on_privacy_electronic_communications_200258ec.html
- 41.
- 42.The present Communication does not cover unsolicited communications offline, e.g. unsolicited (postal) mail.
- 43.See in particular Article 13 of Directive 2002/58/EC on Privacy and Electronic Communications and Privacy (see section 2, below).
- 44.For instance, the spam box initiatives organised in 2002 by respectively the French Commission Nationale Informatique et Libertés (CNIL) and the Belgian Commission de la Protection de la Vie Privée (CPVP) seemed to confirm that the United States and, to lesser extent Canada, were the primary source of spam messages. The CPVP findings are available at: www.privacy.fgov.be/publications/ spam_4-7-03_fr.pdf; the CNIL report is available at the following URL address: www.cnil.fr/thematic/docs/internet/ boite_a_spam.pdf. See also: UNCTAD, E-Commerce and Development Report 2003, New York and Geneva, 2003, p. 27.
- 45.An issue paper on unsolicited communications or spam was distributed in advance of the workshop on the subject. The issue paper itself built on previous discussions in the context of the Communications Committee (COCOM) and with the Article 29 Data Protection Working Party. In response to a questionnaire, information was provided by members of the COCOM and of the Article 29 Data Protection Working Party. A number of industry associations or individual companies also reacted, from ISPs and communications operators (mobile and fixed) through direct marketeers and advertisers, to computer and software manufacturers.
- 46.An estimated 49 % spam in the EU for September 2003, compared to some 54 % worldwide for the same period (Source : Brightmail, 2003).
- 47.According to a recent report form the FTC, 22% of spam analysed contained false information in the subject line; 42% contained misleading subject lines that misrepresented that the sender had a business or personal relationship with the recipient; 44% of spam contained false information in the from or subject lines; over half of finance related spam contained false from or subject lines; 40% of all spam contained signs of falsity in the message; 90% of investment and business opportunities contained likely false claims; 66% of spam contained false from lines, subject lines or message text. (False Claims in Spam, A report by the FTC's Division of Marketing Practices, 30 April 2003, available at: www.ftc.gov/reports/spam/ 030429spamreport.pdf)
- 48.According to Pew Internet, 7% of email users report they have ordered after unsolicited email and 33% of email users have clicked on a link in unsolicited email to get more information. Even if the percentages of consumers who are ripped off remain relatively low, the phenomenal economies of scale that can be achieved by rogue traders using misleading or deceptive spam have taken the problem of consumer scams to a new level. See: Spam-How It Is Hurting Email and Degrading Life on the Internet, October 2003, Report by Deborah Fallows for the Pew Internet
- 49.Spam messages sometimes also include gratuitous violence or incitement to hatred on grounds of race, sex, religion or nationality.
- 50.Source: Ferris Research, 2003.
- 51.This figure and other estimates are mentioned in: '"Spam"; Report of an Inquiry by the All Party Internet Group', London, October 2003, p. 8; This report can be consulted via the following URL address: www.apig.org.uk
- 52.According to the recent survey by Pew Internet mentioned above, 25 percent of interviewees were using e-mail less because they were receiving so much spam.
- 53.The present Communication does not cover unsolicited communications offline, e.g. unsolicited (postal) mail.
- 54.Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ L 201, 31.7.2002.
- 55.For voice telephony marketing calls, other than by automated machines, Member States may choose between an opt-in or an opt-out approach.
- 56.Article 13(4) of Directive 2002/58/EC.
- 57.In accordance with Article 15(3) of Directive 2002/58/EC in conjunction with Article 30 of Directive 95/46/EC.
- 58.See for instance Opinion 7/2000 On the European Commission Proposal for a Directive of the European Parliament and of the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector of 12 July 2000; Recommendation 2/2001 on certain minimum requirements for collecting personal data on-line in the European Union. See also the Harvesting has been discussed in the Working document of 21 November 2000 entitled 'Privacy on the Internet'-An integrated EU Approach to On-line Data Protection". These documents can be consulted at the following URL address: europa.eu.int/comm/internal_market/ privacy/workingroup_en.htm
- 59.Article 15 of Directive 2002/58/EC refers to Chapter III of Directive 95/46/EC on Judicial remedies, liability and sanctions: Article 22 - Remedies Without prejudice to any administrative remedy for which provision may be made, inter alia before the supervisory authority referred to in Article 28, prior to referral to the judicial authority, Member States shall provide for the right of every person to a judicial remedy for any breach of the rights guaranteed him by the national law applicable to the processing in question. Article 23 - Liability 1. Member States shall provide that any person who has suffered damage as a result of an unlawful processing operation or of any act incompatible with the national provisions adopted pursuant to this Directive is entitled to receive compensation from the controller for the damage suffered. 2. The controller may be exempted from this liability, in whole or in part, if he proves that he is not responsible for the event giving rise to the damage. Article 24 - Sanctions The Member States shall adopt suitable measures to ensure the full implementation of the provisions of this Directive and shall in particular lay down the sanctions to be imposed in case of infringement of the provisions adopted pursuant to this Directive.
- 60.This differs for instance from agencies like the US Federal Trade Commission.
- 61.See also the Working document of the Article 29 Data Protection Working Party entitled 'Privacy on the Internet' - An integrated EU Approach to On-line Data Protection" (Document No WP 37, adopted on 21 November 2000).
- 62.Council Directive 84/450/EEC of 10 September 1984 relating to the approximation of the laws, regulations and administrative provisions of the Member States concerning misleading advertising OJ L 250, 19.9.1984, p. 17-20. The Commission has recently made a proposal to replace and update the misleading advertising Directive (COM(2003) 356 final).
- 63.On 24 September 1998, the Council adopted the Recommendation on the development of the competitiveness of the European audio-visual and information services industry by promoting national frameworks aimed at achieving a comparable and effective level of protection of minors and human dignity (98/560/EC). The Recommendation was the first legal instrument at EU-level concerning the content of audio-visual and information services covering all forms of deliveries, from broadcasting to the Internet.
- 64.Directive of the European Parliament and of the Council of 8 June 2000, OJ L 178, 17.7.2000. As a general rule, commercial communications must comply with the rules applicable to them in the Member State of establishment of the service provider. This rules does however not apply to the permissibility of unsolicited communications by electronic mail (see Articles 3 of the Directive on Electronic Commerce and its Annex). In the (limited) cases where natural persons would not be protected by Directive 2002/58/EC (e.g. natural persons who are not subscribers) against unsolicited commercial communications, Member States must also ensure under the Directive on Electronic Commerce that service providers undertaking unsolicited commercial communications by electronic mail consult regularly and respect the opt-out registers in which natural persons not wishing to receive such commercial communications can register themselves (see Article 7 of the Directive on electronic commerce).
- 65.PROPOSAL FOR A COUNCIL FRAMEWORK DECISION ON ATTACKS AGAINST INFORMATION SYSTEMS, COM(2002) 173 FINAL, 19.4.2002.
- 66.See also the 9th Report on the Implementation of the Telecommunications Regulatory Package, available at the following URL address: europa.eu.int/information_society/ topics/ecomm/all_about/implementation_enforcement/annualreports/9threport/index_en.htm
- 67.The importance of full, effective and timely implementation of the new regulatory framework for electronic communications, including this Directive, has been stressed by the Commission in its Communication "Electronic Communications: the Road to the Knowledge Economy (COM(2003) 65 of 11 February 2003).
- 68.The letters of formal notice have been sent on the 25th of November 2003 (See IP/03/1663).
- 69.Note that complaints often also concern related issues e.g. the right of access to personal data and the right to object to data processing.
- 70.The report of 24 October 2002 adopted by the Commission National Informatique et Libertés (CNIL), the French DPA is available at the following URL address: www.cnil.fr/frame?http:// www.cnil.fr/thematic/internet/spam/spam_sommaire
- 71.See e.g. www.ftc.gov/bcp/conline/pubs/ online/inbox.pdf Unwanted or deceptive messages can be sent to the following URL address:
- 72.COM(2003) 443 final.
- 73.Information about the IDA programme is available via the following URL address: europa.eu.int/comm/enterprise/ida/ index.htm
- 74.OECD Guidelines for Protecting Consumers from Fraudulent and Deceptive Commercial Practices Across Borders, OECD, 2003.
- 75.
- 76.Such clauses are sometimes based on the need to take all measures to prevent inappropriate usage of their services. Other refer to existing codes of conduct regarding bulk e-mails or, indeed, to self-regulatory principles (e.g. netiquette).
- 77.The European Federation of Direct Marketing (FEDMA) has announced a specific online code of conduct for direct marketeers.
- 78.
- 79.For instance, the RIPE (Réseaux IP Européens) Anti-spam Working Group has been active since 1998 (see: The document 'Good Practice for combating Unsolicited Bulk Email' can be found on the RIPE website (see: www.ripe.net). More recently, the IRTF (Internet Research Task Force) has set up an Anti-Spam Research Group (see: www.irtf.org/charters/ asrg.html). This group may develop certain technologies that could serve as a starting point for standardisation efforts within the IETF (Internet Engineering Task Force).
- 80.Background information on the rules applicable to unsolicited communications under Directive 2002/58/EC is available at the following URL address: europa.eu.int/information_society/ topics/ecomm/all_about/todays_framework/privacy_protection/index_en.htm
- 81.See: www.dti.gov.uk/industries/ ecommunications/directive_on_privacy_electronic_communications_200258ec.html
- 82.
- 83.De Europese Commissie kent nummers toe aan officiële documenten van de Europese Unie. De Commissie maakt onderscheid in een aantal typen documenten door middel van het toekennen van verschillende nummerseries. Het onderscheid is gebaseerd op het soort document en/of de instelling van de Unie van wie het document afkomstig is.
- 84.De Raad van de Europese Unie kent aan wetgevingsdossiers een uniek toe. Dit nummer bestaat uit een vijfcijferig volgnummer gevolgd door een schuine streep met de laatste twee cijfers van het jaartal, bijvoorbeeld 12345/00 - een document met nummer 12345 uit het jaar 2000.
- 85.Het interinstitutionele nummer is een nummerreeks die binnen de Europese Unie toegekend wordt aan voorstellen voor regelgeving van de Europese Commissie.
Binnen de Europese Unie worden nog een aantal andere nummerseries gebruikt. Iedere instelling heeft één of meerdere sets documenten met ieder een eigen nummering. Die reeksen komen niet overeen met elkaar of het interinstitutioneel nummer.
- 86.Deze databank van de Europese Unie biedt de mogelijkheid de actuele werkzaamheden (workflow) van de Europese instellingen (Europees Parlement, Raad, ESC, Comité van de Regio's, Europese Centrale Bank, Hof van Justitie enz.) te volgen. EURlex volgt alle voorstellen (zoals wetgevende en begrotingsdossiers) en mededelingen van de Commissie, vanaf het moment dat ze aan de Raad of het Europees Parlement worden voorgelegd.
- 87.Als dag van bekendmaking van een Europees besluit geldt de dag waarop het besluit in het Publicatieblad wordt bekendgemaakt, en daardoor in alle officiële talen van de Europese Unie bij het Publicatiebureau beschikbaar is.