The System Administrators' Guild of Ireland welcomes the opportunity to comment on the draft Regulations on Data Protection & Privacy, and thanks the Minister for Communications, Marine and Natural Resources for his prompt publication of the draft Statutory Instrument. 1. Definitions The draft refers to "unsolicited communication for the purpose of direct marketing". This does not cover all unsolicited commercial email (UCE, or "Spam") - some messages purport to be of an advisory/informational nature. 2. Opt-in for non-natural persons "Opt-in" is proposed for natural persons. However, much UCE is received by role accounts (postmaster, abuse, info, sales, etc.) and mailing lists, and this appears to fall under the "Opt-out" provisions which apply to "a subscriber, other than an individual". This appears to contradict the guidance notes, which state that "spamming will be prohibited except with respect to subscribers who have indicated that they want to receive unsolicited e-mails..." It can be difficult to determine whether an email address represents a natural person, a mailing list or a role account : the "opt-out" protection should be extended to all subscribers. 3. Acknowledgement of opt-out The draft states that in the event of a subscriber "opting-out", the person so notified of this action must acknowledge receipt of such instructions "as soon as practicable following receipt of such a notification". This is too vague : a period of time such as "within 10 working days" should be specified. 4. Double opt-in Whether maliciously or mistakenly, the email addresses of a subscriber can be added to the list(s) maintained by those sending UCE without the subscriber's permission, giving the illusion of the subscriber "opting-in". It is possible to mitigate this risk by sending an email to the subscriber asking for confirmation of their intent to join the list(s), with no list addition taking place until such a confirmation has been received by the list owner. 5. Resale of mailing lists/contact information The unauthorised sale and transfer of lists of email addresses is rife among persons sending UCE. This is not addressed by the current draft.