A study by the Institute of Information Law (IViR) at the University of Amsterdam has revealed that the EUs much-vaunted anti-spam legislation, Directive 58, is fast turning into a legislative disaster.
The Directive on Privacy and Electronic Communications, to give it its full name, was supposed to have been adopted by EU member states by October 2003, but according to the IViR, only 7 of 15 have bothered to implement legislation by the cut-off date.
A directive that was supposed to see spammers pursued under Article 13 of the Directive, the section which covers e-privacy, could now witness the ridiculous situation of members states themselves being fined by EU authorities for non-compliance.
The reports authors said that there was also uncertainty as to how and when new states joining the EU on 1 May this year would have to implement the directive.
Beyond the basic issue of compliance, the IViRs research lifts on deeper problems that could take a decade to sort out. There was, for example, widespread confusion about defining the precise meaning of some of the legislations main terms, and countries that have implemented the Directive were attaching widely varying penalties for offenders ranging from fines to imprisonment.
The worst countries for originating spam were also outside the EU. IViR senior researcher Lodewijk Asscher described the top three - the US, China and South Korea - as the "spam axis of evil". Directive 58 was powerless to make real headway without a widening of international cooperation. No legal solution will catch all spam. Technical solutions are crucial.
But he still felt that the Directive had been worthwhile as a statement of intent. "There is important symbolic value. It has put spam on the political agenda," he said. "The US Can-Spam regime is far inferior to this Directive. It is [merely] an opt-out regime."
The IViR carried out the research in conjunction with by anti-spam vendor Sybari. The full report, and its recommendations, can be downloaded here.