Forgot your password?
typodupeerror
Spam Your Rights Online

EU to Require Opt-In for Commercial Email 379

Posted by michael
from the all-things-dull-and-ugly dept.
D4C5CE writes "EuroCAUCE (Usenet message below) and Heise (in German) report that the European Parliament has voted to ban spam by adopting the "opt-in" system for unsolicited commercial email, finally freeing the way for the entry into force of a "European Parliament and Council directive concerning the processing of personal data and the protection of privacy in the electronic communications sector". The news of the parliamentary U-turn comes after a recommendation by the "Committee on Citizens' Freedoms and Rights, Justice and Home Affairs" to permit "opt-out" marketing had received critical coverage, causing countless spam victims world-wide to alert the Members of the European Parliament to the big mistake they were about to make, and it is hoped to become the useful precedent of a workable approach for US lawmakers currently evaluating means to regulate spam as well." The Parliament's daily notebook has an overview. Individual EU countries still have to implement this with legislation before it is effective.

From: Beebit <beebit-u03@euro.cauce.org>
Newsgroups: news.admin.net-abuse.email, talk.politics.european-union
Subject: European Parliament Supports 'Opt-In' for Commercial Email
Date: Thu, 30 May 2002 13:08:11 +0200

The European Parliament has decided to accept the Council's Common Position which would require senders of advertisements by "electronic mail" to have the recipient's prior consent. "Electronic mail" is defined broadly enough so as to include text messaging systems based on mobile telephony in addition to email.

The 'opt-in' requirement for electronic mail will be in Article 13, Paragraph 1 of the new Directive concerning the processing of personal data and the protection of privacy in the electronic communications sector which will enter into force following its publication in the Official Journal. The Directive will guide the enactment of legislation throughout the European Economic Area, which includes the 15 EU Member States and European Free Trade Association members Norway, Iceland, and Liechtenstein. EU Members Austria, Denmark, Finland, Germany, Greece, and Italy as well as EFTA member Norway had already implemented 'opt-in' in their national legislation.

Further provisions in the same Article would allow companies to send advertising via email for their own products or services of a similar category to addresses which they had obtained in the course of a sale, unless and until the customer has registered an objection. Customers are to be given the opportunity to object "free of charge and in an easy manner" both at the time the contact details are collected and with each advertising message.

All in all, is an extremely welcome development, and should serve as an example and inspiration for legislators in other territories. We are absolutely delighted to see Parliament joining the Commission and the Council in taking a stand to protect European consumers and network users. It only remains to extend similar protection to corporate citizens. This will probably have to be within the framework of other legislation than that pertaining to the processing of "personal data".

~~~
The European Coalition Against Unsolicited Commercial Email is an all-volunteer, ad-hoc grouping of Internet users and professionals dedicated to bringing about an end to an unethical practice by technical and legislative means. http://www.euro.cauce.org/en/

This discussion has been archived. No new comments can be posted.

EU to Require Opt-In for Commercial Email

Comments Filter:
  • damned america (Score:2, Insightful)

    Why must we be so behind the times when it comes to things like this?

    Oh, right. We don't want to interfere with business' right to annoy the hell out of us.
    • Re:damned america (Score:2, Insightful)

      by Anonymous Coward
      Why must we be so behind the times when it comes to things like this?

      Oh, right. We don't want to interfere with business' right to annoy the hell out of us.

      Where are your manners? That's no way to talk about your masters, now get back to work and remember to tithe a substantial amount of your income to business approves products and services. Opinions like yours get in the way of buying elected officials and key appointments.

      If anything, the EU is years behind the USA in selling out to business and the wealthy. Now if you'll excuse me, I have to go sell guns to school children.

    • Re:damned america (Score:2, Insightful)

      by base2op (226729)
      Why does it seem that the US government exists to protect the rights of businesses over citizens? I don't mean just with this issue, but like the DMCA, etc...
      It's a tad unsettling.
  • I hope they require a proper click box for opt in, rather than imbedded in a clickthrough license agreement...

    Either way opt-in is the way to go wrt email from commercial interests, I hope my country (US) adopts such restrictions for its corperations.
  • I would find it extremely annoying (if it were the case that I was living in Europe, which saddly enough it isn't), if I started to receive e-mail in several different languages all trying to opt me into some SPAM-list.

    Achtung! Die spammingmessagezunzuzkriben is nicht fer yer fingerpokin! Clicken-zie to unsubzkriven spamhaus und wilkommen billiards und billiards of weightenlozen, Paenisenlonginment und CowboyNealen mail.

  • by PenguinRadio (69089) on Thursday May 30, 2002 @12:48PM (#3610124) Homepage
    One reason the EU might be more advanced is because of the widespread use of mobile phones and the belief (one day) that a mobile device will be your main Internet connection. With per-minute or per-bit charges, getting spammed is going to end up costing people some serious coin if spam continues to grow out of control.

    I think this is a point a number of US politicians need to understand. With some of the charges proposed for 3G in the US ($2 a mb in some places) the end user could end up paying for a lot of crap e-mail.
    • And even without 3G, we're already paying for the medium - it's just cheaper. It's a no-brainer that systematic unsolicited communications where the receiver pays for delivery should be illegal.

      I think the U.S. ultimately likes it because legislators are being told these kinds of communications are good for the economy because they stimulate business by creating new transactions. But of course, you could say the same for legalizing fraud. Both approaches have long term conseunces which are bad in the end.

      -David
      • Don't forget that First Amendment issues are raised when discussion about banning marketing mail (electronic or snail) is raised. In the US we are bound by the Constitution wheteher we like it or not and regardless of its consequences; it's a double-edged sword that needs to be handled very carefully. The spammers know this and are going to this argument as long as they can.
      • As Enron has so resoundingly proven; it's actually BAD for the economy to foster an environment of fraud. If people don't TRUST, they don't take a chance with their money. It's in congress' interest to create strong laws and enforce them. Why they're not doing so is a complete mystery.
    • Except that in Europe you don't have to pay to receive either SMS messages or phone calls (unless your receiving it when roaming abroad, but that's pretty irrelevant), so that hasn't got anything to do with it.
    • One reason the EU might be more advanced is because of the widespread use of mobile phones and the belief (one day) that a mobile device will be your main Internet connection. With per-minute or per-bit charges, getting spammed is going to end up costing people some serious coin if spam continues to grow out of control.

      In most European countries, you don't need a mobile connection to pay per minute. ;)

      At least in .de - unless you're fortunate enough to live in a place that has DSL (available only in and near bigger cities ATM), your only option is pay-per-minute dialup (the concept of free local calls is US specific).

      spam has always cost Europeans real money.
  • I've tried chasing down spammers, even going so far as to contact Canada's Competition Bureau. The information I received back indicated that there are no laws in Canada prohibitating any kind of unsolicited commercial email. That means, they are not obligated to use a valid return email address, they're not obligated to inform you of how they got your email address, and they're not obligated to provide a valid phone number. This is in contrast to the relatively strict rules governing telemarketers.

    I wish our wishy-washy Liberal government had the guts to extend the telemarketing rules to spam emails. I say "good show" to the EU for setting a precedent.

    • I wish our wishy-washy Liberal government had the guts to extend the telemarketing rules to spam emails. I say "good show" to the EU for setting a precedent.

      Ontario is drafting a proposal [gov.on.ca] which would:
      - require express positive consent before any personal information could be used for any other purpose than completing the initial transaction
      - require express positive consent before any personal information was disclosed to a third party for marketing purposes
      - means you will have to contact all of your existing customers and get their express positive consent before sending them any further marketing material.
      - Extends the definition of personal information to include any information about an individual that can be manipulated and used to identify or contact an individual
      - etc

      Please note that not ALL corporations (in Canada, US or any other location) are interested in abusing the email system for quick-&-dirty profits. Many recognize the value of Doing The Right Thing(TM).

      • Many recognize the value of Doing The Right Thing(TM).

        Absolutely! You need look no further than Phillip Morris for exemplary corporate behaviour. They don't send SPAM - all they want to do is get kids hooked on smoking at an early age so that they can derive maximum profit from the addiction before the customers die.

        Kind of warms your heart to see them Doing The Right Thing and not flooding our mailboxes with SPAM!
      • After doing so [irpp.org] many [nupge.ca] wrong [wsws.org] things [publicpower.ca] they go and do occasional things like this. Argh!! It just means I can't hate them totally unreservedly.

        Sparing my 0.0000000000000001% respect for the Harris (Legacy) Tories since 2000.
  • I have seen several opt in schemes which have tricked users into opting in, or have been fraudulantly opted in, and its then a pain in the backside to opt out again...

    Is it gonna be mandatory that if someone wants to get away from something they opted in to that they can quickly and easily?
    • This is a very valid concern, but also very hard to legislate. What defines "quickly and easily"? If it's a web page, and a user goes to opt out, and there's a transient internet routing problem that prevents them from getting to the web page at that particular moment, does the company in question get busted when the user complains?

      I hate spam as much as anyone. However, I'm concerned about the burden of proof issue. Anyone who has operated a large opt-in list knows that some percentage of users don't remember opting in (a tiny percentage, but if you've got a list of 50,000 people and .1% of them don't rememeber opting in, you've got 50 angry people).

      Likewise, sometimes email addresses change, especially ISP based mail. joe@someisp.com may opt in for a list, then cancel his ISP account. A month later, there may be a different person using the joe@someisp.com account, depending on ISP policies. And that person is going to be getting truly unsolicited email.

      Of course, the idea is to ban egregious spammers, but I'm concerned about how laws / courts will deal with issues more subtle than "Joe Idiot bought a CD of a million email addresses and spammed them all." There has to be some protection, or some threshold of complaints, so that a tiny percentage of emails going wrong (either due to user or company error) doesn't result in huge legal issues... otherwise, we're talking about outlawing commercial email altogether, which I don't think anyone wants.

      Cheers
      -b
  • by Cally (10873) on Thursday May 30, 2002 @12:51PM (#3610163) Homepage
    the same chunk of legislation also contains some truly dreadful provisions regarding retention of ISP traffic and logs - seven years, I believe, and I'm not sure if they've yet backed down from the original hilarious requirement that ISPs maintain archives of *all data* they transit for the same seven years. See extensive coverage from the last year or so at The Register [theregister.co.uk] and the BBC [bbc.co.uk] plus of course numerous issues of Need To Know [ntk.net].
    What I don't understand is why "they" (gub'mint's everywhere) seem to think that the answer to the failures that lead to 9/11 [bbc.co.uk] is more of the same [theregister.co.uk]. Unless... but that would just be paranoia.
    • Not only ISPs; all telecoms. All data. Seven years. The EU draftsman, Marco Capatto, is not happy with the data collection/retention clause, and has written a report [statewatch.org] on the proposal-- an interesting read. The problem is that this is a step away from the various governments independently deciding how to handle data collection and retention; the bill forces them to enact legislation that collects and retains in accordance with this bill [eu.int]. stop1984 has issued a press release [stop1984.com] on the subject.
    • Please get your facts straight. The only part of that directive (not bill, directive) that allows retaining data is article 15.1

      Article 15
      Application of certain provisions of Directive 95/46/EC
      1. Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in Article 5, Article 6, Article 8(1) to (4), and Article 9 of this Directive when such restriction constitutes a necessary measure to safeguard national security, defence, public security, the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system, as referred to in Article 13(1) of Directive 95/46/EC.

      Nobody has to store anything from the EU. The only thing that the EU says is that countries have the right for themselves to decide what records should be maintained for how long. In fact, the changelog goes as far as to say:

      Article 15 - Application of certain provisions of Directive 95/46/EC
      Specifies where Member States may restrict provisions of the Directive to safeguard public security and conduct criminal investigations;
      Extends provisions of General data protection Directive on legal remedies and proceedings of working party to this Directive.
      (Unchanged except for inclusion of new Article 9 in scope of derogation for public security reasons, replacement of 'telecommunication services' by 'electronic communications services' and deletion of committee procedure as their only role in the context of this directive was the amendment of the Annex which has disappeared).

      Where Article 9 is about the information that can be obtained through e.g. cellphones about somebodies physical location.

      In a not so unified Europe this is the only sensible thing to do. Europe should have a united security policy before adopting any legislation that tries to centralize this, or it might have very unwelcome effects. For instance, because the BRD considers the PKK to be a terrorist organization suddenly everywhere in Europe all countries would have to tap all electonic communications of all suspected PKK members, even if the national security board has decided that that specific organization is not terrorist.
      Without me having a vote for the governing body of security services in other EU countries other EU countries should not have a vote in deciding the organizations that my country has to tap.

    • If your website is a member of an affiliate program, has advertising banners or accepts paypal payments from users that have bootlegged your IP but want to pay you for it, what are you classified as? How about I put in a message in a mass-mailing to users on a mailing list a site I administer runs saying "while you're there please buy something through the affiliate store or click on an ad?" AFAIAMC (As Far As I Am Concerned) politicians should be civilally and criminally liable if their bills are considered generally destructive and outside the bounds of the country's constitution. Yes, I believe the USSC should be allowed to summarily imprison members of Congress who voted for the DMCA for say... 1 year and that each state supreme court should have the equivalent power. When the state acts, it can act only through violence implicitly or explicitly. When members of the civil body politic fuck up, they hurt people. They should be held accountable on a level that ordinary people are not.
      • What exactly is your problem?? So if you run a "possibly commercial" email list from within the EU, you'll have to implement confirmed opt-in for your email, and include an unsubscribe link in each email. Modern email list management software can already do both of these things. Big f-ing deal. I mean, this is trivial to implement.

        I suppose you think there should be no seatbelt or motorcycle helmet laws either? If anything they're more "onerous" than this law.

  • by teslatug (543527) on Thursday May 30, 2002 @12:53PM (#3610184)
    They should have to show in some way that you have opted in in the e-mail itself. Some sort of unique number that you gave them (or even an IP address, but this wouldn't be good enough). They would then have to have an e-mail AND some number to match up. There must also be a huge fine to back this up. This way, any business that sends an e-mail that says you opted in, can be automatically fined.
  • Not a solution (Score:2, Insightful)

    by CathedralRulz (566696)
    I think the beneficents of this will be lawyers who target the deep pockets - ISPs - and try to hold them liable.

    Spam is nearly impossible to stop via laws - I think the market will and is solving this problem with more intelligent filters that will make it un-rewarding.

    • Re:Not a solution (Score:2, Insightful)

      by azadrozny (576352)
      That's just it. Spam will always be worth it, because you can send it to tens of thousands instantly and free. All you need is one nitwit to but the latest get-rich-quick scheme and the ad is paid for.
      • Spam will always be worth it...

        Well, if you can impose some real costs on the sender, such as the threat of fines, then it becomes cost prohibitive.

        An example of the potential effectiveness of such legislation, one could point to the anti-SPAM-fax laws in the USA. Before them junk faxes were a real problem, and after them they were much reduced. Now this might not be long term, since I think there have been recent court cases that have invalidated parts of this lawas in some areas, but in general the approach has some merrit.

  • Not all good news (Score:2, Informative)

    by ickle_matt (122935)
    Unfortunately the same legislation also allows police forces to demand that ISPs retain logs of customer activity. The BBC [bbc.co.uk] has a more detailed story.
  • How in this enforced with respect to locations? Is this only applicable to domain names hosted in europe or if I claimed I was from Europe when I signed up for my hotmail account would I be protected by the Opt-in clause. If so how would they regulate this, do I have to be a resident of an European nation or do I merely need to route my e-mail through there? This decision is a great start but does anyone know if it will be truely effective and if so how can we on the other side of the pond benefit as well.
    • This law can only be enforced if the spammer is europe based.

      Sadly this is almost never the case but i could be encouraging to other countries to adopt similar laws. We would never be able to block every spammer on earth but it would undoubtly reduce the amount of spam we have to cope with.

      This is surely good news since my provider XS4ALL [xs4all.nl] allready won a courtcase against a dutch spammer [slashdot.org] and recently introduced spam filters on everyones account (individually configurable by the subscriber).
      • I see this argument (offshore spammers are immune to anti-spam laws) in the US as well.

        The flaw in the argument is that while the spammer may be offshore, the commercial transaction it solicits is often domestic. (Does 'domestic' apply to intra-EU things? Is there another word to use?) So, even if you can't get the offshore spammer directly, you can quite possibly get the business it's trying to promote.
  • There aren't really that many spammers. Look at how few different spams there are. If each country in the EU and each state in the US jailed one spammer a month, the problem would be gone in a year.

    Jailing white-collar criminals is incredibly effective in stopping specific types of activity. You put one CEO in jail, and it really gets the message across. When some GE executives went to jail for antitrust violations in the 1960s, it stopped antitrust problems for almost a decade.

  • I just don't know how any kind of legislation could ever stop or even noticeably slow spam. And I wonder how tightly you'd have to word something like this so you didn't go after legit mailers. I run an ultra-low volume mailing list at work and I get semi-indignant messages all the time from people saying they never signed up, when in fact they've usually forgotten they signed up in the first place (we don't do any address gathering or harvesting).

    I always honour the unsubscription requests, even going as far as sending a note of apology, so I wonder how this would affect folks like me that try to be responsible. Having said all that, I'm still all for trying this out, on the off chance it actually works.

    And I guess the spam opt-out should be in Esperanto to make sure we can all read it. :P

  • Reason #1 is Belgian beer.

    Mmmm. Belgian Beer.

    I knew I lived here for a reason. See reason #1 for why I'd forgotten :)
  • by ansible (9585) on Thursday May 30, 2002 @01:29PM (#3610479) Journal

    Spam used to get me really mad and/or annoyed. I thought about the scammers out there, I thought about my wasted time, I thought about wasted resources, etc.

    Recently, I've installed Spamassassin [spamassassin.org], and I've been running it for a few months.

    Nowdays, spam doesn't bother me too much. Spamassassin tags nearly all of it. Deleted without much trouble or effort on my part. I still report the ones that get through the filter. I haven't had much of a problem with false positives either.

    These days I'm thinking that passing more laws to stop spam isn't the answer. I'd rather we use technological solutions for now. If/when we finally all start using authenticated, encrypted e-mail, spam will cease to be a problem at all. In the mean time, a good filter aleviates the need for legislative solutions, in my opinion.

  • Here's my spooky prediction. We'll see "traffic congestion thinking": sure, everyone else should take the bus, but it can't hurt if I keep using my car, right?

    Likewise, every country in Europe will say "Sure, we don't want those bastard Germans, French and Brits [insert or delete as appropriate] spamming our citizens, but could it really hurt that much if we enact lax legislation so that our businesses can scam^H^H^H^H market themselves globally and reap nice fat tax generating revenues, right?"

    Remember, each member state can decide for itself exactly how to interpret this resolution, and how strongly to police and enforce it.

  • Not to fan any flames, and by no means take this to read as an endorsement, but would'nt it be grand if all those kids out there with tons of time and resources just decided to use there 'mad hacking' skills to take out some of these spammers?

    In a perfect world laws would be written, and enforced. But right now, they are not. As a general rule, I'm not a proponent of taking the law into your own hands, but I'd sure like to see some smack down on whoever hits the 'send' button on this crap I get in my e-mail box.

  • It won't help though (Score:3, Interesting)

    by bero-rh (98815) <bero.redhat@com> on Thursday May 30, 2002 @02:15PM (#3610835) Homepage
    Germany has had a similar law before, and it didn't do anything.

    I've reported spammers to the cops repeatedly, and usually got a letter 2 weeks later stating something along the lines of "yes, they violated the law, but we won't go after them for such a small offense because they're too busy with real crime (It's not like they're committing a major crime jike going 55 in a 50 zone, or crossing a traffic light 5 seconds after it turned red...)

    I don't think this piece of legislation will be any different.

    Legitimate businesses that may worry about their reputation never sent spam in the first place.
    • by troels (56872)
      Obviously germany have a problem then. But i hope other countries will take it more seriously.

      I unfortunately can't find any examples, but we have had this law in denmark for quite a while now and i remember reading about some people who were stopped.

      Of course we have different issues, like highly inconsistent laws. With email you need to opt-in, with regular mail you can opt-out (by placing a sticker on your mailbox) and on the phone only newspapers and one other type (forgot which) may advertise. A bit strange, but i guess it works.
  • This gives you a *Legal* basis to act against someone who repeatedly spamms you. Of course it won't stop a lot of spam, but if you can prove a company is repeatedly spamming you, you can finally act.

    Giving cynical comments about how this won't help etc, however doesn't do anything. Spam assasin etc would be better of course but it doesn't have any legal basis and it seems that quite a few politicos in the US have a vested interest in outlawing efforts such as that.
  • That all countries of the EU are allowed to monitor and record data transmissions. This vote passed this morning, they're still debating over exactly what they're allowed to store (i.e. web URLS, web content itself, usenet etc)

    Sounds like I'm gonna have to move back to the US, or somehow find an ISP that's gonna work around all this. What I was wondering about was exactly where they want to scan the data. At the ISPs or somewhere at the backbone?

    A little more information can be found here [webwereld.nl], if you can read Dutch :)
  • I'm not going to repost my previous [slashdot.org] comment on this, instead I will completely re-write and re-word it for those that think recycling one's own precious electrons that they themselves created is a waste.

    Let me start by introducing myself. I'm 29, born and raised in san Jose, had a computer in my house since I was 5. Up until the .com crash I had a nice 7 year long career as a sysadmin for a lot of different companies. So yeah, I do know a thing or two about computers, networking in general.

    Well, I had been laid off for about 6 months or so. Wife n I bought a house a week before I got laid off, she got laid off 2 weeks later. Everyday this unemployed sysadmin would fax out résumé's trying desperately to get off the top ramen diet I had been on all while the words "Must not eat, must pay mortgage" played out in my head. I had dropped in weight from 240lbs down to 196. Poor desperate and at the end of my rope I decided to try and scrounge up some contract work.

    Around that same time, a friend of mine told me something rather intriguing. His father [slashdot.org] down in Bakersfield apparently had a T1 line, and was running a spam operation out of his house and might need my help in making it better. It would be an all expenses paid trip (gas for his car, 7-11 burritos, big gulps, smokes) I told him I had sort of a moral objection to eat so let's go!

    Well as we started out our trip I talked to my bud about how I was going to install list managers for his dad and how it would help him stay "legal" We switched subjects from our acid trippin days as teenagers to who was having kids these days. It's weird, as you approach 30ish it seems like you and all your friends wives are just shooting out babies and placenta like AA fire over Baghdad. Well 5 hours later we arrived at his fathers house and I began to surmise the situation.

    *Thinking to self* Hmm I bet myself any money that it's just DSL... Nono... wait a minute what is he using that cisco2500 for??? Wait a minute, look at those orange lights flickering at 60hz Holy SHIT thats a CSU DSU! Wait lemme count...1.2.3.4 YES!! 4 COPPERS!

    I looked over the rest of the room and saw that it was wall to wall screwdriver shop computers, all of them running win98. Then I opened my mouth.

    "Wow, you really got your act together here!" He started showing me the different systems and softwares of his operation. To my horror and shock he was running a windows based open relay SMTP scanner [slashdot.org]!

    *Open mouth, Insert Foot* "Uhhh sir? Using other peoples SMTP servers without authorization is trespass." Well I opened up the floodgates of this 53ish former Green Berets patriotic side. Oops!

    "THE INTERNET WAS CREATED BY THE GOVERNMENT WITH MY TAX DOLLARS!! IF THESE SERVERS ARE OPEN RELAY'S THAT MEANS THEY WANT ME TO USE THEM! DON'T TELL ME I KNOW IT ALL! ALL THESE LAWS THEY'RE PASSING ARE INTERFERING WITH MY AMERICAN RIGHT TO DO BUSINESS!!"

    At that point I had to think quick, c'mon toq, what would you say whenever someone was absolutely ballistic at the office. Somehow my ramen fed mind uttered the phrase, "I never thought of it that way, I think you're right!" Holy shit it worked! He calmed down after that.

    The way home was spent driving faster than we had gone going there and explaining to my friend how what his father was doing was bad. He really didn't get it until I told him it fucks up his counter-strike and penciled in bandwidth calculations. 3 days of sleeping on a floor in a run down apartment complex wasn't really that fun. That and his father tried to shanghai us down to the army recruiters. Despite the negative involved it was a growing and learning experience because I saw exactly how the REAL down in the GHETTO spammers live. It's not pretty.

    Sort of an update to the story, my buddies father is out of business. Not from an ISP shutdown though. His wife left him so he moved to the Philippines to avoid paying alimony. Myself, I've fully adjusted to eating less, working out more, and living on a string of contracts for everything from doing web work to 3D renderings of industrial machinery.

"Love may fail, but courtesy will previal." -- A Kurt Vonnegut fan

Working...