Navigation path

Left navigation

Additional tools


Brussels, 8 October 2009

More action needed to fight spammers and protect online privacy, says Commission report

The European Commission today has repeated its call for EU countries to do more to tackle online privacy threats to the public. A Commission-funded study published today found that although in recent years several EU countries have taken some measures to enforce Europe's ban on spam, including fines for spammers, the number of prosecuted cases and sanctions imposed on lawbreakers vary considerably. The study confirms the need for the legislative improvements proposed under the reform of the EU's Telecoms rules ( MEMO/09/219 ): clearer and more consistent enforcement rules and dissuasive sanctions, better cross-border cooperation, and adequate resources for national authorities in charge of protecting citizens' online privacy.

" Today's figures show that several EU countries are doing more to enforce online privacy rules. However, spam is an area where we can and must improve for the benefit of internet users in the EU ," said Viviane Reding, EU Commissioner for Information Society and Media. " Although since 2002, European law has prohibited spam and spyware, on average 65% of EU citizens are still affected by spam on a regular basis. We need to step up our fight against spammers and make sure that the EU adopts legislation that provides for strong civil and criminal sanctions against spammers. I call on EU countries to reinforce their national efforts to fight on-line privacy threats such as spam, spyware and malicious software. If we can end the spam plague within Europe we will set the example for our neighbouring countries and other parts of the world which are as responsible for spam we receive in Europe. "

The main findings of the study published today by the European Commission indicate that:

  • Almost all EU countries now have one or more websites where citizens can find information or make a complaint if they become a victim of spam, spyware or malware;

  • An analysis of more than 140 enforcement cases from 22 Member States shows considerable differences between the number of cases per country and the fines imposed. The highest numbers of cases were reported in Spain (39), Slovakia (39) and Romania (20). The highest fines were imposed in the Netherlands (€1 000 000), Italy (€570 000) and Spain (€30 000). However, spammers in countries such as Romania, Ireland, and Latvia received modest fines ranging from hundreds to several thousand Euros.

  • A successful approach to fighting online threats requires a combination of prevention, enforcement and raising public awareness. Public authorities (such as telecoms regulators, data protection and consumer agencies and law enforcement bodies) must have clear responsibilities and cooperation procedures between themselves; while public and private sector must also work together. The level of cooperation differs strongly between EU countries. Cooperation agreements exist in Belgium, Cyprus, Estonia, France, Germany, Italy, Latvia, Lithuania, the Netherlands, Romania and the UK, while Luxembourg and Malta, for example, rely on informal cooperation.

  • Spam is a global problem. More international cooperation, both within the EU and worldwide, is necessary to tackle spam.

  • EU countries should allocate sufficient resources to national authorities in order to gather evidence, pursue investigations and mount prosecution in this field.

The reform of the EU's telecoms rules proposed by the Commission (and currently being finalised by the European Parliament and the Council) would provide conditions for a better enforcement of privacy rules. A new provision in the EU telecoms rules requires that penalties for breaking national laws on online privacy should be effective, proportionate and dissuasive. It further obliges EU countries to allocate the necessary resources to national enforcement authorities.

The new rules will also enable national spam fighters to join the European network of authorities that enforce consumer protection laws and private organisations such as internet service providers will be entitled to take legal action against spammers that abuse their networks. At the same time, the European Commission is negotiating an agreement with the US on cross border cooperation in the enforcement of consumer protection laws. Industry figures show that 1 in 6 spam e-mails are sent from the US. Under the reformed telecoms rules, cooperation on spam will be included in the scope of the EU-US agreement.

Background information:

In May 2009, the Commission launched the eYouGuide giving practical advice on the "digital rights" consumers have under EU law. In this context Commissioners Reding and Kuneva presented a future " Digital Agenda" for Europe's consumers which identifies the fight against spam as an area for possible EU action, notably through similarly effective sanctions in all EU Member States and neighbouring countries ( IP/09/702 ).

Practical cooperation between enforcement authorities and the private sector will be discussed in Lisbon from 7 – 9 October 2009 at the CNSA/LAP workshop on spam fighting .

Today's study, including assessments of progress in each EU country, links to national data protection authorities' websites in Member States where you can complain about spam, spyware and malware:

Flash Eurobarometer Confidence in the Information Society: x_en.htm


Figures and graphics available in PDF and WORD PROCESSED
Source: Flash Eurobarometer on confidence in Information Society of May 2009, p.23

Examples of sanctions imposed at national level in the past years.

Czech Republic

  • the data protection authority imposed fines in total of around €15 000 EUR in 2007


  • a Danish commercial court imposed a fine of around €270 000 for mobile spam

  • as a result of legal action undertaken by the Danish Consumer Ombudsman, Danish companies were fined respectively around €13 330, €2 670, €1 330, €670 and €1 330 in 2008

  • in 2009, a fine of around €3 330 has been metered out by the court to a Copenhagen nightclub for unsolicited text messages containing information about events etc. taking place at the nightclub


  • conviction for writing malicious software, including use of spyware and spam

  • sentenced to 7 months in prison, later commuted to 162 hours of community work


  • numerous cease and desists orders of district courts and higher courts threatening the defendant with administrative fines not exceeding €250 000,00, alternatively arrest for contempt not exceeding 6 months; often also conviction to pay fine of €2 500,00 for each violation of the cease and desist order

  • court orders actually imposing these fines are not publicized


  • imposition of a fine of €20 000 for sending spam to random mobile numbers


  • in 2007, a total sum of around €6 400 was imposed

  • in 2008, this amount was 10 times higher (the maximum fine is 500.000 HUF) : one spammer was fined seven times with a total sum of fines amounting to 1.6 million HUF (around €5 333 at the time of this Study)


  • the data protection authority applied two fines for mobile spam (one of €2 000 EUR in 2008 for sending 6 text messages)


  • in 2008, the data protection authority imposed a fine of €570 000 EUR on an SMS spammer

  • in 2004, the Naples court of peace sentenced a spammer to a fine of €1 000

  • in 2002-2003, the data protection authority issued a number of decisions ordering to stop the sending of spam

  • an Italian court of appeal sentenced a sender of malware and spyware infected e-mail to a fine of €4 280


  • the data protection authority imposed fines in two cases for a total amount of €4 300


  • in 2008, the data protection authority applied administrative sanctions in 3cases; 2 of them were confirmed by the administrative court; 1 case is still pending


  • the consumer policy department ordered to cease infringement of consumer interests through spam


  • in 2008, the telecom regulator applied fines in 20 cases, ranging from €250 to €500

  • the data protection authority applied two fines for mobile spam (via SMS )


  • in 2008, the data protection authority imposed 39 fines for sending spam with a total of €85 500 as follows: € 81 100 for 34 e-mail spam cases (of which €30 000 for two serious e-mail spam cases) , €3 800 for 4 SMS spam cases and €600 for one fax spam case.

The Netherlands

  • in 2006, the telecom regulator imposed a fine of €75 000 for sending spam

  • in 2007, three Dutch companies were fined €1 000 000 for placing adware and spyware

  • in 2008, a spammer was fined €510 000

Side Bar