In its directive on privacy and electronic communications, the European Union last year stipulated that all member countries should implement a localized version of the directive by Oct. 31. However, six months after the deadline, more than half of the European Union's members have not yet complied, according to the Institute of Information Law.
Lodewijk Asscher, head of research at the institute, said at the InfoSecurity exhibition here that although the directive is a step in the right direction, it gives member states too much power over how the law can be interpreted and has no control over spam originating overseas.
"Is this going to stop spam? No, not at all. The legal approach is only part of the solution, and it will take years," he said. "There is a spam axis of evil--which includes the United States, China and South Korea--and EU law isn't going to help us there."
In December and again on April 1, the EU sent warning letters to the offending countries, which include Germany, France, Belgium, Netherlands, Greece, Portugal, Luxembourg and Finland. Asscher said that he expects further action to be taken if the offending countries have not implemented specific spam laws by June.
Munir Kotadia of ZDNet UK reported from London.