EC calls for concerted fight against spam

The European Commission has called on governments, regulators, ISPs and business to step up the fight against spam, spyware and malicious software.

Despite existing EU legislation to outlaw spam, Europe continues to "suffer from illegal online activities from inside the EU and from third countries", the Commission said in an announcement on Tuesday. It wants national authorities to step up their actions to prosecute illegal online activities.

"It is time to turn the repeated political concern about spam into concrete actions to fight spam," said Viviane Reding, commissioner for information society and media.

"In line with EU legislation outlawing spam, the Dutch authorities have managed to cut domestic spam by 85 percent — I'd like to see other countries achieving similar results through more efficient enforcement. I will revisit this issue again next year to see whether additional legislative measures against spam are required," Reding added.

The Commission acknowledged that spam has gone from being a nuisance to a major conduit of criminal activity, which is damaging legitimate online services. Spam emails can contain links to phishing sites that attempt to trick people into revealing sensitive financial details, or links to sites hosting malware such as keyloggers or other spyware.

Legislative tools to fight these threats exist, claimed the Commission. The E-Privacy Directive contains a ban on spam, but implementation is still "a problem" in most EU member states. In the UK, the Information Commissioner — which must enforce the directive — has warned that it doesn't have enough power to fight spammers.

The Commission called on governments to lay down clear lines of responsibility to use legislative tools, and on police to form more efficient cross-border co-operative relationships.

The Commission also called on ISPs to apply proper filtering policies, and e-businesses to assure good online commercial practices in line with data-protection laws.

The Commission itself has pledged to further its dialogue and co-operation with non-EU countries high on the list of spam-senders.

The Commission will also re-examine the legislative framework when it introduces security and privacy legislation proposals in 2007. Under the proposals service providers may be obliged to notify regulators of security breaches that lead to personal data loss or interruptions of service supply. National regulatory authorities would have the power to ensure operators implement adequate security policies.

"Member states would need to ensure that any person or organisation with a legitimate interest in combating infringements under the E-Privacy Directive may take legal action and bring them before a national regulatory authority," said the EC in a statement.