Five months after the EC deadline for spam legislation, there are still some holdouts, but not for long. The European Commission threatened eight nations (Belgium, Germany, Greece, France, Luxembourg, the Netherlands, Portugal and Finland) this month with legal action at the European Court of Justice if they do not pass spam legislation within two months.
The EC’s Directive on Privacy and Electronic Communications, passed July 2002, set guidelines for cookies, telemarketing, server security, and much more. Article 13 of the Directive required spam legislation, requiring header honesty and an opt-out for established relationships. It requires opt-in otherwise but allows national legislation to establish what the structure of the opt-in regime is; that is nations can decide who is doing the opting:
1. The use of automated calling systems without human
intervention (automatic calling machines), facsimile machines
(fax) or electronic mail for the purposes of direct marketing
may only be allowed in respect of subscribers who have given
their prior consent.
2. Notwithstanding paragraph 1, where a natural or legal
person obtains from its customers their electronic contact
details for electronic mail, in the context of the sale of a
product or a service, in accordance with Directive 95/46/EC,
the same natural or legal person may use these electronic
contact details for direct marketing of its own similar products
or services provided that customers clearly and distinctly are
given the opportunity to object, free of charge and in an easy
manner, to such use of electronic contact details when they are
collected and on the occasion of each message in case the
customer has not initially refused such use.
3. Member States shall take appropriate measures to ensure
that, free of charge, unsolicited communications for purposes
of direct marketing, in cases other than those referred to in
paragraphs 1 and 2, are not allowed either without the consent
of the subscribers concerned or in respect of subscribers who
do not wish to receive these communications, the choice
between these options to be determined by national legislation.
4. In any event, the practice of sending electronic mail for
purposes of direct marketing disguising or concealing the identity
of the sender on whose behalf the communication is made,
or without a valid address to which the recipient may send a
request that such communications cease, shall be prohibited.
Council Directive 2002/58/EC, art. 13, 2002 O.J. (201) 37, 46-47. Article 17 required compliance by Oct 31, 2003. Everyone but the eight nations threatened and Sweden complied in time. Sweden passed legislation in March after the warnings in November for noncompliance.
The EU’s conscious choice to allow diversity in spam legislation is the opposite of the US's standardization of divergent state spam law with CAN-SPAM. Though the policy reasoning around Europe is uniform (and in the Directive), varied implementation of these values could make a big difference in effectiveness. Differences in punishment, adminstration, cause of action, and simple investment in fighting spam could make European spam policy more uneven than the US policy once was, even with a uniform directive.
For other countries, see the Spam Laws Worldwide Index.