Despite existing EU legislation to outlaw spam, Europe continues to "suffer from illegal online activities from inside the EU and from third countries," the Commission said in an announcement on Tuesday. It wants national authorities to step up their actions to prosecute illegal online activities.
"It is time to turn the repeated political concern about spam into concrete actions to fight spam," said Viviane Reding, the Commissioner for Information Society and Media.
"In line with EU legislation outlawing spam, the Dutch authorities have managed to cut domestic spam by 85 percent," Reding added. "I'd like to see other countries achieving similar results through more efficient enforcement. I will revisit this issue again next year to see whether additional legislative measures against spam are required."
The Commission acknowledged that spam has gone from being a nuisance to a major conduit of criminal activity, which is damaging legitimate online services. Spam e-mails can contain links to phishing sites that attempt to trick people into revealing sensitive financial details, or links to sites hosting malicious software, such as keyloggers or other spyware.
Legislative tools to fight these threats exist, the Commission said. The ePrivacy Directive contains a ban on spam, but implementation is still "a problem" in most EU member states. In the U.K., for example, the office of the Information Commissioner, which must enforce the directive, has warned that it doesn't have enough power to fight spammers.
The Commission called on governments to lay down clear lines of responsibility to use legislative tools, and on police to form more efficient cross-border, cooperative relationships.
The Commission also called on Internet service providers (ISPs) to apply proper filtering policies and asked e-businesses to assure good online commercial practices in line with data-protection laws.
In its announcement, the European body pledged to further its dialogue and cooperation with non-EU countries that rank high on the list of spam-senders.
In addition, it promised to reexamine the legislative framework when it introduces security and privacy legislation proposals in 2007. Under the proposals, service providers may be obliged to notify regulators of security breaches that lead to personal data loss or interruptions of service supply. National regulatory authorities would have the power to ensure that operators implement adequate security policies.
"Member states would need to ensure that any person or organization with a legitimate interest in combating infringements under the ePrivacy Directive may take legal action and bring them before a national regulatory authority," the EC said in a statement.
Tom Espiner of ZDNet UK reported from London.