EU body pushes spam guidelines

The European Parliament recommends that European Union members turn sweeping guidelines regulating spam, cookies and Web security into laws.

3 min read
The European Parliament has signed off on sweeping guidelines for Internet regulation, including prohibiting spam and the use of cookies without the explicit permission from Web surfers.

The directive, which the Parliament approved Thursday, calls for an "opt-in" system for e-mails, faxes and automated calling systems that requires marketers to receive permission from recipients before they make unsolicited commercial pitches.

It also requires companies to provide computer users with "clear and precise information" regarding the use of cookies and prohibits them from placing cookies on an individual's computer without that person's permission. Cookies, small data files written to a computer user's hard drive by some Web sites, have long been used to tailor Internet pages for returning visitors and to better target ads.

In a compromise with law enforcement, the directive would also require telecommunication companies and Internet service providers to retain traffic data, such as e-mail, for criminal investigation purposes or to safeguard national and public security.

The directive is not binding, and now goes to each of the European Union's member states, which will decide whether and how to implement the recommendations as law.

Some policy experts expressed concern that strict adherence to the guidelines could create a universal surveillance system and have wide ramifications for the telecommunication and marketing industries.

Experts said telecom companies and ISPs would be compelled to store large amounts of data to comply with the criminal investigation provisions, meaning they would have to put up the cost for more servers for storage, for example.

The directive "is giving the government monopoly on collecting data...It's allowing government massive power or ability to collect data on EU citizens," said Sonia Arrison, director for the Center of Technology Studies at the Pacific Research Institute.

Arrison also took aim at the directive's anti-spam measures, saying they could curtail legitimate marketers while doing little to stem junk e-mail from outside the EU member states.

"The ironic thing is that the directive is stopping legitimate companies from sending marketing material to their customers," she said.

Telecommunications surveillance continues to be an ongoing issue, especially in Europe. At the end of last year, the Parliament voted against any form of electronic surveillance and said the law enforcement agencies should obtain permission, such as a court order, before collecting data. Thursday's vote, however, offered a compromise with law enforcement interests on data protection.

The vote was not without opposition. Italian parliamentarian Marco Cappato had rejected any responsibility for the outcome of Thursday's directive, saying it entailed massive restrictions on civil liberties, according to the Parliament.

The guidelines have "a chilling affect on freedom of speech," said Cedric Laurant, policy fellow at the Electronic Privacy Information Center. In regards to data retention, "people will always fear that something they said may be used against them" for law enforcement purposes.

Laurant said although the directive has been passed to each EU member state, it will likely take some time for it to lead to laws. He said that most countries generally implement a directive within three to five years, but some countries take much longer.