Cookies on Pinsent Masons website

This website uses cookies to allow us to see how the site is used. The cookies cannot identify you. If you continue to use this site we will assume that you are happy with this

If you want to use the sites without cookies or would like to know more, you can do that here.

Spam and cookies law in force today in UK

New rules to deal with unsolicited commercial e-mail, cookies and other privacy issues in electronic communications came into force in the UK today. But there is a risk that the new Regulations may actually encourage more spam.11 Dec 2003

New rules to deal with unsolicited commercial e-mail, cookies and other privacy issues in electronic communications came into force in the UK today. But the new Regulations may actually encourage more spam.

The Privacy and Electronic Communications Regulations implement an EU Directive of last year, and should have been in force by 31st October.

In summary the Regulations:

Require businesses to gain prior consent before sending unsolicited advertising e-mail to individuals, except where there is an existing customer relationship;

Require that the use of cookies or other tracking devices are clearly indicated and that people are given the opportunity to reject them. (Cookies are small text files used by most commercial web sites. The files are sent from a web server to a web site visitor's computer and are stored on the hard drive, so that when the user visits the web site again or visits another page of the site, the site will remember him);

Network operators and their partners will be able to provide subscription and advertising services based on location and traffic data to their customers. There is no restriction on the type of services that may be provided as long as subscribers give their consent and are informed of the data processing implications, and;

Ensure stronger rights for individuals to decide if they wish to be listed in subscriber directories. Clear information about the directory must also be given, e.g. whether further contact details can be obtained from just a telephone number or a name and address.

Corporate subscribers are exempt from the prior consent rule for e-mail marketing, which means that spam to office e-mail accounts does not breach these Regulations, provided proper sender and contact details are given and opt-out requests respected. (Although it is worth noting that the collection and use of the e-mail addresses being targeted by spam may well breach the Data Protection Act.)

The Government has also announced its intention to extend the Telephone Preference Service to corporate subscribers next year, which means that both businesses and individuals should be able to opt-out of phone marketing by the end of next year.

In a statement issued today, Communications Minister Stephen Timms said:

"The Office of the Information Commissioner, an independent authority that reports directly to parliament will enforce the regulations.

"Breach of enforcement orders issued by the Information Commissioner is a criminal offence liable to a fine of up to £5,000 in a magistrate's court, or an unlimited fine if the trial is before jury. Anyone who has suffered damages because the regulations have been breached has the right to sue the person responsible for compensation."

The Government has been careful to avoid any suggestion that these Regulations will solve the problem of spam. In face, few expect the Regulations to have any real impact on the volumes of spam received by UK individuals.

Most spam comes from outside the EU, and given its often misleading, fraudulent or pornographic nature, the senders often already breach other laws without caring. But critics have pointed out that by exempting corporate subscribers, the UK's Regulations could have the unfortunate effect of actually encouraging more spam.

The Information Commissioner recently published guidelines that aim to help those seeking to comply with the new rules. In addition, Masons, the firm behind OUT-LAW.COM, has launched

Linking to can help a business to fulfil some of its obligations under the new Regulations. The site gives information to visitors about deleting and controlling cookies with most of the major internet browsers. It is updated periodically when new versions of major browsers are released.

Although the UK did not meet the implementation deadline set by the EU of 31st October, it is still further forward than the majority of EU Member States.

Earlier this week the Commission sent letters of formal notice, the first stage of infringement proceedings, to nine states that have not yet put "transposition measures" into place: Belgium, Germany, Greece, France, Luxembourg, the Netherlands, Portugal, Finland and Sweden.