Law gets tough on spammers

30 Apr 2003

Irish companies will have to gain explicit consent, so-called opt-in, of users in order to send email marketing to them, thanks to the EU Privacy and Electronic Communications Directive, which is set to be incorporated into Irish law in October.

This move will be welcomed by those whose systems are being overrun by spam mail. However, it will be something of a burden to direct marketing companies and possibly internet service providers (ISP) as they will be obliged to adapt their websites and databases to be in line with the new legislation.

The directive is designed to reduce the amount of spam clogging up corporate networks. It is felt that many consumers are unlikely to opt in if they are clearly told that their information may be used for marketing. And as the number of consumers not giving consent grows, the amount of spam should decrease as marketers cleanse their lists to comply with the law.

According to a spokesman for the Department of Communication’s Regulatory Affairs Division: “It will become an offence to send commercial emails without consent and it will be subject to forms of legal reprimand, which will more than likely be a fine and/or imprisonment depending on the nature of the offence.”

Under the existing Data Protection Act consumers merely need to be told what their personal data will be used for. Firms can put customers on marketing lists at will and it is up to consumers to actively opt-out.

The legislation also regulates the placing of cookies on personal computers. Consumers must now be allowed the opportunity to refuse cookies. This provision has been criticised by the internet industry, which has argued that cookies are essential to their commercial success.

It is believed that the Data Protection Commission in conjunction with the Commission for Communications Regulation will be responsible for the enforcement and monitoring of this directive. It is understood that ISPs, such as and Iol, will be involved in the directive’s enforcement and may be required to record spam and implement a central filtering system. However, consultations are still taking place and it may be several months before the directive’s implementation and enforcement are finalised and agreed by all. It is widely believed that the regulations need to be supported by ISPs to work.

According to a spokesman for the Internet Service Providers Association of Ireland (ISPAI): “The ISPAI is meeting on this issue in the near future and the whole idea is to actually look at this directive and formulate what our response should be. So, on the basis of that and at this stage, the ISPAI can make no comment.”

It is understood that there has been no official or formal approach by the Department of Communications to the ISPAI or individual ISPs.

Also, there is still some concern as to the potential effectiveness of the legislation as the majority of spam comes from outside the EU and will obviously not be affected by the new regulations.

By Lisa Deeney