Mr Erkki Liikanen Member of the European Commission, responsible for Enterprise and the Information Society "Combating Spam on All Fronts" Press Conference on Spam Brussels, 15 July 2003 DN: SPEECH/03/365 Date: 15/07/2003 TXT: EN PDF: EN DOC: EN SPEECH/03/365 Mr Erkki Liikanen Member of the European Commission, responsible for Enterprise and the Information Society "Combating Spam on All Fronts" Press Conference on Spam Brussels, 15 July 2003 Entry into application of new Regulatory Framework I would like to begin this press conference by announcing that by the end of next week, the new regulatory framework for electronic communications will have to be applied in all Member States. This is a very important body of legislation based on convergence and aimed at stimulating competition and innovation in the electronic communications sector a sector that holds one of the keys to wider economic prosperity. According to our information, the transposition is going well in most of the Member States. But we have been following closely the national transpositions of the new package and regard it as a priority to that it is implemented in a timely fashion. Should there be problems down the line, we will of course take appropriate enforcement action. One of the Directives of the new package that on Data Privacy in Electronic Communications needs to be implemented by the end of October. One of the key elements of this Directive is the issue of unsolicited e-mails or so-called "Spam". And that is the focus of my press conference today. Spam: the size of the problem I do not have to tell you that unsolicited commercial e-mail, or spam, has reached worrying numbers, and that the recent growth is even more worrying. In June 2003, around 48 percent of global e-mail traffic was spam - according to the company Brightmail - starting from 7 percent in April 2001. At the Commission an estimated 30% of e-mails coming from outside the Commission is spam. Current EU figures are a little less than the global figures, about 34 percent spam in June. The growth of spam is very worrying. It is expected that spam will grow to more that 50% of global e-mail traffic before the summer is over. Every piece of spam is spam of course. But it is worth looking at the categories. While the majority of spam is about selling 'traditional' products and notably financial services (12%), an estimated 24 % is adult content, and 6 % spam is advance fee fraud (or 'scam'). Why is spam a problem? Spam is a problem for all of us as individual. Not only for obvious privacy reasons, but also because it is very annoying, time-consuming, and indeed, money-consuming. Anybody whose e-mail address is available receives a lot of spam. Commissioners and journalists are among them as is any individual using electronic communications for various, professional or non-professional interests. In addition, spam has also reached a point where it creates important costs for industry: Legitimate commercial or business e-mails are simply not read anymore. Efficiency at work is undermined because inboxes are full of spam. Internet Service Providers or "ISP" have to buy more bandwidth just for transmitting e-mails nobody wants to receive, with the extra costs being inevitably passed on to subscribers. The Research Institute Ferris has estimated that in 2002, spam cost European companies 2.5 billion . just in terms of lost productivity. The most worrying consequence of spam is perhaps that it undermines user confidence, which is a prerequisite for successful e-commerce or e-services. What do we need to do to address it? The potential negative consequences on the information society are clearly unacceptable. We need to combat spam on all fronts: on the legal front, on the technical front, and on the social and educational front. I have decided to convene a workshop with all interested parties and stake-holders in October to listen to their concerns and try and agree a series of actions on these various fronts, some of which I want to outline today.These actions will be included in a Communication that I will propose for adoption by the Commission in the autumn. Outline of Actions to fight Spam The fight against spam is a fight on many fronts. First there is the Legal Front On the legal side, unsolicited commercial e-mails must be outlawed. I am pleased to say that Europe has been a first mover here. We now have legislation prohibiting spam, the Directive on Privacy and Electronic Communications, which was agreed by the Council and Parliament last year and has to be transposed by all EU Member States by the end of October this year. Without going into the details, I will just recall that we have chosen for an opt-in system based on prior consent and applicable to e-mails, SMSs and MMSs without distinction. We think this is a good approach because the opt-in respects users' privacy and consumer choice. Also, permission-based e-mails seem to be very efficient in terms of marketing. This regime is intended for marketing to individuals, but Member States can extend it to business-to-business direct marketing. Senders must also provide their identity and a valid return address to opt-out even when they have opted-in. It is now for Member States to live up to their commitments and respect this deadline. Despite its deterrent effect, adopting national legislation is not enough, however. Member States will have to make the enforcement of the opt-in a priority. It must be a priority for them to prosecute wrongdoers that are operating within that country. This may be tricky - because it is not obvious to trace spammers. In addition, there is the international dimension of much spam. But this is often the case with the Internet and other global issues. This implies co-operation among public authorities in the EU and outside the EU. I will come back to this international dimension later on. But the first message should be: every country must do its part of the job and clean up its own house. Stephano Rodota, currently the President of the Italian Data Protection Commission and the Chairman of the Article 29 Data Protection Working Party, will tell you more about how national authorities intend to follow-up this opt-in regime at the briefing after my presentation. At the same time, while legislation and effective enforcement are an essential, first step, it is only part of the answer to spam. Second, there is the Technical and Industry Front Industry has also a crucial role to play in this fight. Thanks to the prohibition of unsolicited commercial e-mails, Internet service provides or "ISPs" - now have greater legal certainty to filter out spam. Industry must provide software facilities which block as effectively as possible unwanted e-mails, SMSs and other MMSs. Subscribers should be offered the possibility to filter spam or have spam filtered as a basic customer service. While software developers and Internet service providers have a specific role in this regard, technical solutions also imply securing servers and relays to make the distribution of spam more difficult. EuroISPA, the European Association of ISPs will explain in more detail how they tackle this problem. Third, there is the Awareness and Education Front Next to legislation and technical solutions, consumer awareness and education will be central. Individuals have been empowered by the opt-in regime. They have to take their responsibility when using the Internet and passing personal data. But for this to happen, first they must be aware of the basic rules applicable to unsolicited commercial e-mails, and they should be able to identify acceptable marketing practices. Second, they should also know how to prevent spam, what software is on the market and also what professionals can do for them, be it their ISPs or other interested parties. Third, they should know to whom they can report and to what bodies or authorities to complain to when confronted with unacceptable practices. It would be wrong to assume that these education and awareness actions are only for public authorities to do: industry and consumers associations can also take an active role. I am pleased to note that some major industry players have understood the importance of this consumer dimension and have recently launched awareness and education campaigns with precisely this objective in mind. Awareness actions should also be targeted at industry itself, e.g. direct marketers, content providers, and communications services providers including in the mobile sector. Industry should know what marketing practices are acceptable and what is not acceptable. Industry codes of practices, with effective sanctions, can certainly contribute to that objective. Before I conclude, allow me to come back to the international dimension that I mentioned earlier on: Spam is very much a global problem that needs to be tackled globally. And finally there is the International Co-operation Front The international dimension of spam is reflected in the broad scope of the new Directive: spam will be banned as of the end of October 2003 on all public EU networks, regardless of where the spam originates. Because much spam comes from outside the EU, international co-operation both within the EU and with third countries, will be essential for any system to be sufficiently effective. The first objective is to make sure that also in third countries there is legislation in place, as well as the willingness to enforce it. I was happy to see during my visit to Washington last month that the United States is now seriously working on legislation to combat spam and is considering spam as one of the major challenges for the Internet. Also, I am pleased to see that Australia has clearly indicated its intention to adopt an opt-in system similar to the EU, and to co-operate internationally. I can only stress that the more similar these laws will be, the better international enforcement will work. The second objective will be to co-operate effectively on enforcement. While enforcement in Europe lies with individual Member States in the first place, we have also a strong interest in international co-operation and we will strongly promote it. I discussed this with my US counterparts during my recent visit there and we all agree that this is an important issue on which we need to compare notes and co-operate. Multilateral forums like the OECD can also play an important role in this regard. And that is why I have proposed to host an OECD seminar on spam to be organised in Brussels in January 2004, and I hope that we will be able to promote the adoption of guidelines for the benefit of all countries. That is also why the EU has asked that the issue of international co-operation in the fight against spam be included in the Action Plan to be agreed at the forthcoming World Summit on The Information Society to be held in Geneva on 10-12 December this year. We need to fight this issue together. Conclusion Combating spam implies fighting on many fronts, with effective legal and enforcement actions, technical actions, awareness and education actions and finally - international co-operation will also be critical. I can only emphasise one element: there is no silver bullet against spam. Combating spam is a matter for all. Spam has already had a damaging impact on individuals and professionals. We should not allow spam to undermine the benefits of the information society. ---------------------------------------------------------------------------- ------------ Questions and Answers on Spam and the EU Opt-in Regime DN: MEMO/03/147 Date: 15/07/2003 TXT: EN PDF: EN DOC: EN MEMO/03/147 Brussels, 15 July 2003 Questions and Answers on Spam and the EU Opt-in Regime (Per HAUGAARD) Can you explain the new 'opt-in' regime in short? The EU Directive on Privacy and Electronic Communications(1) requires Member States to prohibit by the end of October 2003 the sending of unsolicited commercial communications, or spam, by e-mail or other electronic messaging systems such as faxes, SMS and MMS unless the prior consent of the addressee has been obtained (opt-in regime).(2) Moreover, direct marketing messages by e-mail or SMS may not conceal or disguise the identity of the sender. They must also include a valid address to which recipients can send a request to cease such messages. The opt-in regime is mandatory for any e-mail, SMS or fax addressed to natural persons. It is optional with regard to legal persons. Some Member States have chosen to extend the opt-in system to legal persons, other may use an opt-out system. What about existing customers? The only exception to the opt-in regime is in cases where contact details for sending e-mail or SMS messages have been obtained in the context of a sale. Within such an existing customer relationship the same company may use them for the marketing of similar products or services as those it has already sold to the customer. Nevertheless, even then the company has to make clear from the first time of collecting the data, that they may be used for direct marketing and should offer the right to object. Moreover, each subsequent marketing message should include an easy way for the customer to stop further messages. How will Member States enforce this opt-in? Member States must ensure that sanctions and judicial remedies are in place for infringement of any of the provisions of national law implementing this Directive and create possibilities for victims to claim damages, in accordance with the General Data Protection Directive(3). Complaints can generally be lodged with the national Data Protection Authorities that exist in every country. See the list of such authorities at: http://europa.eu.int/comm/internal_market/privacy/links_en.htm#europe. When will this opt-in regime be in place? The date for transposition is 31 October 2003. Member States are in the process of transposing. Note that a number of Member States had already implemented an opt-in approach with regard to unsolicited commercial e-mail under the predecessor of the current Directive. Nevertheless, existing national opt-in legislation may need to be adapted to the specific details as laid down in the new Directive. (1)Article 13 of Directive 2002/58/EC of 12 July 2002 on Privacy and Electronic Communications ( HYPERLINK http://europa.eu.int/information_society/topics/telecoms/regulatory/new_rf/documents/l_20120020731en00370047.pdf http://europa.eu.int/information_society/topics/telecoms/regulatory/new_rf/documents/l_20120020731en00370047.pdf) (2)For voice telephony marketing calls, other than by automated machines, Member States may also choose between an opt-in or an opt-out approach. (3)Directive 95/46/EC.