"Junk" e-mail costs internet users
euro 10 billion a year worldwide
Commission study
Internet subscribers world-wide are unwittingly paying an
estimated euro 10 billion a year in connection costs just to
receive "junk" e-mails, according to a study undertaken
for the European Commission. The study, which provides detailed
information on the junk mail (or "spam") phenomenon in
both the US and the European Union, forms part of the Commission's
ongoing efforts to ensure that the development of the internet and
e-commerce does not undermine Europe's rules on Internet privacy
and data protection. Unless consumers feel their privacy is
adequately protected, the on-line services that are so important
to wealth and job creation in Europe are unlikely to flourish. The
study also compares the different approaches adopted by EU Member
States in implementing the EU Directives on data protection into
national law. The study will help the Commission's work with
Member States' data protection experts on assessing the
implementation of EU data protection Directives. The findings will
also be taken into account by the Commission when proposing
updates to EU data protection legislation.
Summary of the report - Full text of the report -
Article 29 Working Party opinions
Internal Market Commissioner Frits Bolkestein said: "The
exponential growth of junk e-mail in recent years is a fact of
life. Current technology allows a single cyber-marketing company
to send half a billion personalised ad mails via the World Wide
Web every day. Consumer information gleaned from individual web
transactions/consultations can be sold for large sums of money,
and yet many individual subscribers are unaware of the scale and
implications of these developments. In the interests of ensuring a
Single Market in goods and services and the growth of cross-border
trade, the Commission has a responsibility to ensure that the Data
Protection Directives are fairly applied across the Union. We aim
to encourage the continued development of internet services
without weakening the individual's right to privacy."
Within the EU, data protection is enshrined in two Directives: 95/46/EC
that lays down general rules, and 97/66/EC
that lays down specific provisions to deal with data protection
and privacy in the telecommunications sector.
The study's analysis of e-mail marketing concentrates on the
most-developed market, the US, and details how, in response to the
rapid growth of junk mail, the e-mail marketing industry is
working with internet users towards systems of data collection and
exchange based on the express permission of the user.
In looking at legal protection against junk mail or
"spamming" in the EU, the study finds that the
application of the concepts enshrined in the existing Directives
are applied in different ways across the EU. Protection is
afforded via either opt-outs (e.g. a box to tick if you do not
wish to receive unsolicited information) or opt-ins (a formal
request to receive such information). Opt-ins are required in
Austria, Denmark, Finland, Italy and Germany.
The speed with which Internet technology is moving was
recognised in an undertaking made in a Commission proposal of July
2000 to revise and update the Directive on data protection and
privacy in the telecommunications sector (97/66/EC). This proposal
favours the opt-in approach. This is supported by the study which
found that, from the point of view of industry, "permission
based marketing" is proving a more effective and viable
method of data collection. The study also found that the opt-in
approach would serve to bolster consumer confidence in the EU.
Differences in how Member States apply the existing EU Directives
risk, the study indicates, giving rise to potential barriers to
the free movement of data within the Internal Market.
The Commission monitors the efficient operation of this
legislation in close co-operation with Member States' data
protection experts, who meet regularly in a Working Party
established by the 1995 Directive (Article 29). In November 2000,
the Article 29 Data Protection Working Party issued a formal
opinion on the Commission proposal to update Directive 97/66 as
well as a report on "Privacy and the Internet" that
looked at two key areas: the industrial uses of data and the legal
protection of data. To date, the Commission has decided to bring
Ireland, Luxembourg, France and Germany to the European Court of
Justice for failure to notify the measures these administrations
are taking to implement the provisions of 95/46/EC in national law
- the implementation deadline was October 1998.
Later this year, the Commission is due to prepare a report on
the application of Directive 95/46/EC. This will take full account
of the potential for technological developments, particularly in
terms of data collection, to undermine the strong standards of
protection laid down in the Directive.
