JISCMail - DATA-PROTECTION Archives

Dear Roland,

I am by no means sure that everyone would agree that it is - there is a
school of thought that says that e-mail addresses in and of
themselves are *not* necessarily personal data - i.e. if I have an
address of [log in to unmask], this does not look like something that
would fit the definition of PD in the DPA 1998 - similarly an e-mail
address of [log in to unmask] is not necessarily:

"data which relate to a living individual who can be identified-
a) from those data,"

there may be dozens of acharlesworth's in the world...

"or
b) from those data and other information which is in the possession of,
or is likely to come into the possession of, the data controller,"

Without additional data, the e-mail address is arguably not personal
data - and a spammer doesn't need (or care about) additional data at the
time of sending the message.  But see for a counter argument:

Lilian Edwards, Canning the Spam : Is There a Case for Legal Control of
Junk Electronic Mail?
<http://www.law.ed.ac.uk/script/spam.htm>

I have to say that I would personally prefer an interpretation that
caught the use of e-mail addresses for spamming, but my preferences are
not definitive law.

It is also clear that some lawyers expected the UK Distance Selling
Regulations to address the issue of spam, see for example:

Youngerwood A and Mann S, 'Extra Armoury for Consumers: The New
Distance Selling Regulations', Commentary 2000 (3) The Journal of
Information, Law and Technology (JILT).
http://elj.warwick.ac.uk/jilt/00-3/youngerwood.html

In any case, if spam was made illegal by the Data Protection Directive
or the Distance Selling Directive then why did the E-Commerce Directive
need to *regulate* the way in which commercial e-mails may be sent,

"Under the E-Commerce Directive, any unsolicited commercial
communication sent by e-mail must be clearly and unequivocally
identifiable as such as soon as it is received, and service providers
must respect 'opt-outs' whereby persons not wishing to receive such
communications can register their objection."

and why did the Communications Data Protection Directive need to
explicitly ban spam e-mail?

This would surely suggest that the EU itself considered the protection
afforded by the Data Protection Directive (and national implementing
legislation) and the Distance Selling Directive (and national
implementing legislation) is rather less than complete.

Making the radical assumption that the Roland Perry participating in
this discussion (presumably in a personal capacity) is the same Roland
Perry as the Director of Public Policy at the London Internet Exchange
(a totally neutral, not for profit partnership between Internet Service
Providers) can I pose a question - does it make a significant difference
to ISPs if spam is controlled by use of the Data Protection Directive
rather than controlled by the E-Commerce Directive or by the
Communications Data Protection Directive?

Best wishes

Andrew

Quoting Roland Perry <[log in to unmask]>:

> >as well as sending spam e-mails (not currently illegal)
>
> Yes it is!! By definition SPAM has to be unsolicited, and therefore
> your
> email address [which is personal data] has been both acquired and
> used
> in contravention to the DPA.
>
> What's more, SPAM is illegal under the Distance Selling Directive,
> and
> its relevant UK regulations [1], we don't have to wait for the newer
> CDPD to arrive.
>
> [1] Which are silent about SPAM only because the DPA *already* made
> it
> illegal, so no new law was required.



Andrew Charlesworth
Senior Research Fellow in IT and Law
Director, Centre for IT and Law
Department of Law/Department of Computer
Science
University of Bristol
Wills Memorial Building
Queens Road
Bristol BS8 1RJ

-----------------------------------------------------
This mail sent through SilkyMail v1.1.7

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^