Fighting spam, spyware and malicious software: Member States should do better, says Commission
European Commission - IP/06/1629 27/11/2006
Brussels, 27 November 2006
The Commission today called on all regulatory authorities and stakeholders in Europe to step up the fight against spam, spyware and malicious software. Despite existing EU legislation to outlaw spam in Europe, Europe continues to suffer from illegal online activities from inside the EU and from third countries, the Commission underlines in a new Communication. The Communication stresses that although internet safety is on the political agenda for some time, national authorities should step up their actions to prosecute illegal online activities.
"It is time to turn the repeated political concern about spam into concrete actions to fight spam," said Viviane Reding Commissioner for Information Society and Media. "In line with EU legislation outlawing spam, the Dutch authorities have managed to cut domestic spam by 85% - I'd like to see other countries achieving similar results through more efficient enforcement. I will revisit this issue again next year to see whether additional legislative measures against spam are required."
Massive volumes of unsolicited email are still being sent: Security firms Symantec and MessageLabs estimate that spam is between 54% and 85% of all email. In 2005 Ferris Research estimated spam to cost €39 billion worldwide while Computer Economics calculated malicious software to cost €11 billion globally. While the very latest figures from Sophos say 32% of relayed spam came from Europe with Asia leading at 34%.
From being a nuisance, unsolicited email has become increasingly fraudulent and criminal. Criminals are luring users into revealing their sensitive data and finances via so-called "phishing" emails. Privacy is at risk because spyware, spread by email or software, tracks and reports on users' behaviour. In turn concern about these risks is seriously restricting the growth of legitimate online services.
The new Communication on Spam acknowledges that legislative tools to fight these threats already exist, in particular the EU-wide “ban on spam” adopted in 2002 as part of the ePrivacy Directive (see IP/03/1015). However, implementation is still a problem in most EU Member States. To improve, they should now lay down clear lines of responsibility to use the tools available under EU law effectively. Because of the criminal trend in spam and its cross border aspects, good cooperation between enforcement authorities is paramount. In the Commission's view, spam fighters should have sufficient resources. The Dutch fall in spam was achieved through prosecutions by spam fighter OPTA, with just 5 full-time employees and €570,000 invested in equipment.
The Communication calls on industry to cooperate fully, by applying proper filtering policies and assuring good online commercial practices in line with data protection law. In Finland, such filtering measures reduced spam from 80% to 30%.
The Commission will reinforce further its dialogue and cooperation with third countries, high on the list of spam sending countries. The US and the EU have agreed to cooperate to tackle spam through joint enforcement initiatives, and explore ways to fight against illegal spyware and malicious software. For Asia the Commission issued a Joint Statement on International Anti-spam Cooperation, adopted at the ASEM conference on eCommerce in 2005 (see IP/05/210).
The Commission will also revisit the legislative framework when it will introduce legislative proposals to strengthen user privacy and security in 2007. The proposals may oblige service providers to notify security breaches that led to personal data loss and/or to interruptions of service supply. National regulatory authorities would have the power to ensure operators implement adequate security policies. Member States would need to ensure that any person or organisation with a legitimate interest in combating infringements under the ePrivacy Directive may take legal action and bring them before a national regulatory authority.
The new Commission Communication on spam is published at :
The latest Sophos figures (from 6 November) show where action is most needed.
Sources of spam: Worst twelve countries: