Regulations on privacy and electronic communications
While the Data Protection Directive 95/46 and Data Protection Act afford a reasonable
level of protection for consumers, they were quickly superseded by advances in technol-
ogy and the rapid growth in spam. As a result, in 2002 the European Union passed the
‘2002/58/EC Directive on Privacy and Electronic Communications’ to complement pre-
vious data protection law. This Act is significant from an information technology
perspective since it applies specifically to electronic communications such as e-mail and
the monitoring of web sites.
As with other European laws, this law was implemented differently in different coun-
tries. Some countries considered infringements more seriously. A company which is in
breach of the directive in Italy is threatened by fines of up to €66,000 while in the UK the
maximum fine is £5,000. It is clearly important for managers to have access to legal
advice which applies not only to their own country, but also to other European countries.
In the US in January 2004, a new federal law known as the CAN-SPAM Act was intro-
duced to assist in the control of unsolicited e-mail. CAN SPAM stands for ‘Controlling
the Assault of Non-Solicited Pornography and Marketing’ (an ironic juxtaposition
between pornography and marketing). This harmonised separate laws in different US
states, but was less strict than in some states such as California. The Act requires unso-
licited commercial e-mail messages to be labelled (though not by a standard method)
and to include opt-out instructions and the sender’s physical address. It prohibits the
use of deceptive subject lines and false headers in such messages. Anti-spam legislation
in other countries can be accessed at http://www.spamlaws.com.
As an example of European privacy law, we will now review the implications for man-
agers of the UK enactment of 2002/58/EC Directive on Privacy and Electronic
Communications. This came into force in the UK on 11 December 2003 as the Privacy
and Electronic Communications Regulations (PECR) Act. The law is published at:
http://www.hmso.gov.uk/si/si2003/20032426.htm. Consumer marketers in the UK also need to
heed the Code of Advertising Practice from the Advertising Standards Agency (ASA CAP
code, http://www.asa.org.uk/the_codes). This has broadly similar aims and places similar
restrictions on marketers to the PECR law.
It is a surprisingly accessible and commonsense document – many marketers will be
practising similar principles already. Clauses 22 to 24 are the main clauses relevant to e-
mail communications. We will summarise the main implications of the law by picking
out key phrases. The new PECR law:1 Applies to consumer marketing using e-mail or SMS text messages
22(1) applies to individual subscribers. ‘Individual subscribers’ means consumers, although
the Information Commissioner has stated that this may be reviewed in future to include
business subscribers as is the case in some other countries such as Italy and Germany.
Although this sounds like great news for business-to-business (B2B) marketers and
some take the view ‘great, the new law doesn’t apply to us’, this could be dangerous. There
has been adjudication by the Advertising Standards Agency which found against a B2B
organisation which had unwittingly e-mailed consumers from what they believed was
an in-house list of B2B customers.2 Is an ‘opt-in’ regime
The new law applies to ‘unsolicited communications’ (22(1)). It was introduced with a view
to reducing spam, although we all know its impact will be limited on spammers beyond
Europe. The relevant phrase is part of 22(2) where the recipient must have ‘previously
notified the sender that he consents’ or has proactively agreed to receiving commercialLEGAL AND ETHICAL ISSUES OF INTERNET USAGEPrivacy and
Electronic
Communications
Regulations Act
A law intended to
control the distribution
of e-mail and other
online communications
including cookies.