The EU’s ePrivacy Directive sets specific limits on how personal data can be stored and used, particularly when it comes to e-mail spam and other forms of ‘unsolicited communications’. Laws, however, are not always enough.