EU to Require Opt-In for Commercial Email

D4C5CE writes "EuroCAUCE (Usenet message below) and Heise (in German) report that the European Parliament has voted to ban spam by adopting the "opt-in" system for unsolicited commercial email, finally freeing the way for the entry into force of a "European Parliament and Council directive concerning the processing of personal data and the protection of privacy in the electronic communications sector". The news of the parliamentary U-turn comes after a recommendation by the "Committee on Citizens' Freedoms and Rights, Justice and Home Affairs" to permit "opt-out" marketing had received critical coverage, causing countless spam victims world-wide to alert the Members of the European Parliament to the big mistake they were about to make, and it is hoped to become the useful precedent of a workable approach for US lawmakers currently evaluating means to regulate spam as well." The Parliament's daily notebook has an overview. Individual EU countries still have to implement this with legislation before it is effective.

From: Beebit <beebit-u03@euro.cauce.org>
Newsgroups: news.admin.net-abuse.email, talk.politics.european-union
Subject: European Parliament Supports 'Opt-In' for Commercial Email
Date: Thu, 30 May 2002 13:08:11 +0200

The European Parliament has decided to accept the Council's Common Position which would require senders of advertisements by "electronic mail" to have the recipient's prior consent. "Electronic mail" is defined broadly enough so as to include text messaging systems based on mobile telephony in addition to email.

The 'opt-in' requirement for electronic mail will be in Article 13, Paragraph 1 of the new Directive concerning the processing of personal data and the protection of privacy in the electronic communications sector which will enter into force following its publication in the Official Journal. The Directive will guide the enactment of legislation throughout the European Economic Area, which includes the 15 EU Member States and European Free Trade Association members Norway, Iceland, and Liechtenstein. EU Members Austria, Denmark, Finland, Germany, Greece, and Italy as well as EFTA member Norway had already implemented 'opt-in' in their national legislation.

Further provisions in the same Article would allow companies to send advertising via email for their own products or services of a similar category to addresses which they had obtained in the course of a sale, unless and until the customer has registered an objection. Customers are to be given the opportunity to object "free of charge and in an easy manner" both at the time the contact details are collected and with each advertising message.

All in all, is an extremely welcome development, and should serve as an example and inspiration for legislators in other territories. We are absolutely delighted to see Parliament joining the Commission and the Council in taking a stand to protect European consumers and network users. It only remains to extend similar protection to corporate citizens. This will probably have to be within the framework of other legislation than that pertaining to the processing of "personal data".

~~~
The European Coalition Against Unsolicited Commercial Email is an all-volunteer, ad-hoc grouping of Internet users and professionals dedicated to bringing about an end to an unethical practice by technical and legislative means. http://www.euro.cauce.org/en/

Part of a very bad Bill

[Cally]

the same chunk of legislation also contains some truly dreadful provisions regarding retention of ISP traffic and logs - seven years, I believe, and I'm not sure if they've yet backed down from the original hilarious requirement that ISPs maintain archives of *all data* they transit for the same seven years. See extensive coverage from the last year or so at The Register and the BBC plus of course numerous issues of Need To Know.
What I don't understand is why "they" (gub'mint's everywhere) seem to think that the answer to the failures that lead to 9/11 is more of the same. Unless... but that would just be paranoia.

Re:Part of a very bad Bill

[JohanV]

Please get your facts straight. The only part of that directive (not bill, directive) that allows retaining data is article 15.1

Article 15
Application of certain provisions of Directive 95/46/EC
1. Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in Article 5, Article 6, Article 8(1) to (4), and Article 9 of this Directive when such restriction constitutes a necessary measure to safeguard national security, defence, public security, the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system, as referred to in Article 13(1) of Directive 95/46/EC.

Nobody has to store anything from the EU. The only thing that the EU says is that countries have the right for themselves to decide what records should be maintained for how long. In fact, the changelog goes as far as to say:

Article 15 - Application of certain provisions of Directive 95/46/EC
Specifies where Member States may restrict provisions of the Directive to safeguard public security and conduct criminal investigations;
Extends provisions of General data protection Directive on legal remedies and proceedings of working party to this Directive.
(Unchanged except for inclusion of new Article 9 in scope of derogation for public security reasons, replacement of 'telecommunication services' by 'electronic communications services' and deletion of committee procedure as their only role in the context of this directive was the amendment of the Annex which has disappeared).
Where Article 9 is about the information that can be obtained through e.g. cellphones about somebodies physical location.

In a not so unified Europe this is the only sensible thing to do. Europe should have a united security policy before adopting any legislation that tries to centralize this, or it might have very unwelcome effects. For instance, because the BRD considers the PKK to be a terrorist organization suddenly everywhere in Europe all countries would have to tap all electonic communications of all suspected PKK members, even if the national security board has decided that that specific organization is not terrorist.
Without me having a vote for the governing body of security services in other EU countries other EU countries should not have a vote in deciding the organizations that my country has to tap.

Not all good news

[ickle_matt]

Unfortunately the same legislation also allows police forces to demand that ISPs retain logs of customer activity. The BBC has a more detailed story.

Re:Too bad Canada doesn't care...

[kill_9_1]

I wish our wishy-washy Liberal government had the guts to extend the telemarketing rules to spam emails. I say "good show" to the EU for setting a precedent.

Ontario is drafting a proposal which would:
- require express positive consent before any personal information could be used for any other purpose than completing the initial transaction
- require express positive consent before any personal information was disclosed to a third party for marketing purposes
- means you will have to contact all of your existing customers and get their express positive consent before sending them any further marketing material.
- Extends the definition of personal information to include any information about an individual that can be manipulated and used to identify or contact an individual
- etc

Please note that not ALL corporations (in Canada, US or any other location) are interested in abusing the email system for quick-&-dirty profits. Many recognize the value of Doing The Right Thing(TM).

Re:I can't see this ever working in the US

[delphi125]

Unless you're paying for your dialup "by-the-byte"

Two things.

1. Unless they've invented infinite bandwidth dialup, every kilobyte takes about a fifth of a second (assuming a good modem).

2. Phone companies in Europe (and elsewhere, excluding USA) charge by the second for local calls. It gets quoted by the minute (e.g. 2 eurocents per minute) but nowadays is calculated by the second (in NL on ISDN at least).

TANSTAAFL

...the more important part, in my opinion.

[ParticleGirl]

Not only ISPs; all telecoms. All data. Seven years. The EU draftsman, Marco Capatto, is not happy with the data collection/retention clause, and has written a report on the proposal-- an interesting read. The problem is that this is a step away from the various governments independently deciding how to handle data collection and retention; the bill forces them to enact legislation that collects and retains in accordance with this bill. stop1984 has issued a press release on the subject.

This "LAW" is ONLY for financial spam

What slashdot fails to mention is that the law is ONLY for spam which is selling financial services.
http://www.newsbytes.com/news/01/170700.html

This should have been posted as a joke more than a legitimate law.

In the good soccer WM tradition

[CaptainZapp]

You're wrong on two counts:

The vast majority in Europe (which was part of civilized society, last I checked) pays by the second.

On the other hand, and provided you don't receive cell phone calls while roaming in other countries, cell phone reception is free as in beer.

Overall and givcen the really rotten mess called mobile phone services in the US, my assessment in that specific respect is:

Europe 1 : US 0