Webtrends Tracking Code
 
UK Home >  Legal Info About... >  Email >  Spam law

Spam Law

This article, based on UK law, first appeared in E-Commerce Law and Policy in spring 2003. Since then, however, the law on email marketing has changed. For the current position, see our article on Email Marketing.

Most of us get annoyed by spam, the term for unsolicited commercial email that was apparently inspired by a Monty Python sketch. Yet, however surprising it may be, spam does seem to find its market. Last year, for instance, luxury cars, cash and jewellery worth over $30 million were seized by officials from those behind a company in Arizona that promoted bogus penile and breast enlargement pills by spam. And the problem is not going away. According to email security firm MessageLabs, spam accounted for one in eight email messages in the UK in November 2002, up from one in 199 at the start of that year.

The cost of sending spam is cheap, but the annual cost for recipient businesses – including the time employees waste reading and deleting it as well as the cost of bandwidth – is put at $8.9 billion in the US and $2.5 billion in Europe, according to a report in December from Ferris Research. The accuracy of such figures can be questioned – does it follow that employee time wasted reading spam is time that would otherwise be spent productively? – but few would deny that spam is at best an irritation, at worst a liability.

It came as good news to many when, in December, AOL won damages of almost $7 million in a case against the sender of over a billion junk email messages advertising porn sites. That case was brought under a tough anti-spam statute in Virginia which provides that the senders of spam can be liable for up to $25,000 for each day that they send spam. In the circumstances of AOL's case, the senders were sending their spam in violation of an injunction that had been obtained previously by AOL against them.

Unfortunately, European law has no relevant law as powerful as that used by AOL . In fact, in the UK , it is often said that spam is lawful, but this is not quite true; there are laws that are relevant to spam.

The Data Protection Act 1998 can apply because it covers the collection and use of personal data. The definition of personal data is broad and can be as simple as an email address in the format forename.surname@company.com since, from that information, an individual can be identified.

Some took the view that the Telecommunications (Data Protection and Privacy) Regulations 1999 could apply to spam, but the argument was tenuous and has never been tested in court.

If the sender of spam is in the UK , a recipient can also complain to the Information Commissioner. If it appears to the Information Commissioner that the email was a one-off, the spammer is likely to get away with just a warning. But if a repeat offender, action can be taken against the spammer.

To date, however, the Commissioner has never taken such action against a spammer, and generally, the UK Government has taken the approach that spam is something best suited to industry self-regulation. As explained below, this is due to change during 2003.

The DMA promotes an Email Preference Service, operated by its US counterpart. If you don't want to receive spam. The idea is that individuals send the Service the email addresses they use. The Service provides these to its member companies worldwide, who must make sure they do not send marketing emails to those on the list.

If you receive spam from DMA members, despite being registered with the Service, you can complain to the DMA , which may cancel the company's membership – its punishment being bad PR . However, it is very unlikely that any member of the DMA would risk the stigma attached to sending spam. Instead, its members are more likely to concentrate on permission-based marketing – which is not spam.

The Distance Selling Regulations, introduced in the UK in October 2000, should have dealt with spam. These Regulations gave new rights to consumers buying products on-line or in other situations where the contract is not made face-to-face with the seller. The Regulations were based on a European Directive which had a provision against spam. In effect, the Directive provides that email marketing is only permissible "where there is no clear objection from the consumer." However, the UK did not implement the anti-spam provision in its Regulations. The Department of Trade and Industry took the view that this was unnecessary because another provision in the Directive allowed self-regulation by industry bodies.

More recently, the E-commerce Directive was introduced, together with its country of origin principle. This principle excluded unsolicited commercial email. While spam may be currently lawful in the UK in some circumstances, it is not legal in, for example, Italy, where an opt-in approach is taken; and, because of the Directive's country of origin exclusion, a UK business cannot rely on UK law to justify the spamming of Italian consumers.

In fact, Austria, Finland, Denmark and Germany have similar laws based on the opt-in approach to spam. The opt-in approach generally means that marketing emails cannot be sent to an individual unless that individual has elected to receive such communications. The alternative is opt-out, whereby senders can email anyone but must comply with opt-out requests if the individual indicates that he no longer wants to receive these emails.

The E-commerce Directive and last year's implementing UK Regulations state that spam must be clearly and unambiguously identifiable as such as soon as it is received. Arguably, this is not very helpful. A rule on how to identify spam would make it easier to filter. Such rules exist in US laws. For example, Californian anti-spam legislation provides that the letters " ADV :" should appear in the subject header. This allows users to set up a basic email filter for any email containing " ADV :" in the subject header.

The Directive also says that businesses must consult regularly and respect the opt-out registers before sending unsolicited commercial communications. In fact, the UK decided to omit this provision when implementing the Directive. The Government considers that industry self-regulation and codes of conduct already give effective protection to the recipients of spam.

The most substantial change to the legal position of spam in the UK will come when we implement the European Directive on the protection of personal data and privacy in the electronic communications sector. This must be done before November 2003. It will bring the UK position on spam into line with the approach of the Member States mentioned above, by requiring that unsolicited commercial communications such as email, text messages, faxes or telephone calls from automated calling systems, should be opt-in. This means that consumers must indicate that they are willing to receive such communications before they can be legally sent.

In contract law, ISP s may have grounds for action against spammers. Most ISP s' terms and conditions forbid the sending of spam. Depending on the circumstances, it may also be possible to charge a spammer in the UK with trade mark infringement, causing criminal damage, nuisance and/or trespass. The first UK anti-spam case took place in 1999. ISP Virgin Net sued a customer, Adrian Paris, who had used its service to send 250,000 spam messages. The biggest concern for the ISP was that Virgin Net was briefly blacklisted by an internet email boycotting tool, potentially damaging its reputation. The company sued for breach of contract and trespass, but ultimately settled the matter out of court.

Legal action is rare. The main problem with controlling the type of spam that clogs up our inboxes is that the people sending it could not care less about the law. Those sending spam of the "get rich quick" or "university diplomas for $20" varieties will breach the advertising and fraud laws of many countries without concern, so they are not going to take much notice of new anti-spam laws from the UK , EU or anywhere else. Occasionally, as in AOL 's case, a spammer will be caught and successfully sued. But this is not a viable option for most of us wading through the trash in our inboxes, making do with a delete key rather than litigation.

It is important that there are laws against pure spam – it must be deterred; but it's also vital to protect the right of companies to market their products legitimately, so any law must be well balanced. For the foreseeable future, the best way of dealing with spam is not in court; it has to be found in technology.

For more information contact: struan.robertson@out-law.com

OUT-LAW star: link to the home page
Disclaimer | Privacy | Site Map | Accessibility
Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.