Dear Roland, I am by no means sure that everyone would agree that it is - there is a school of thought that says that e-mail addresses in and of themselves are *not* necessarily personal data - i.e. if I have an address of [log in to unmask], this does not look like something that would fit the definition of PD in the DPA 1998 - similarly an e-mail address of [log in to unmask] is not necessarily: "data which relate to a living individual who can be identified- a) from those data," there may be dozens of acharlesworth's in the world... "or b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller," Without additional data, the e-mail address is arguably not personal data - and a spammer doesn't need (or care about) additional data at the time of sending the message. But see for a counter argument: Lilian Edwards, Canning the Spam : Is There a Case for Legal Control of Junk Electronic Mail? <http://www.law.ed.ac.uk/script/spam.htm> I have to say that I would personally prefer an interpretation that caught the use of e-mail addresses for spamming, but my preferences are not definitive law. It is also clear that some lawyers expected the UK Distance Selling Regulations to address the issue of spam, see for example: Youngerwood A and Mann S, 'Extra Armoury for Consumers: The New Distance Selling Regulations', Commentary 2000 (3) The Journal of Information, Law and Technology (JILT). http://elj.warwick.ac.uk/jilt/00-3/youngerwood.html In any case, if spam was made illegal by the Data Protection Directive or the Distance Selling Directive then why did the E-Commerce Directive need to *regulate* the way in which commercial e-mails may be sent, "Under the E-Commerce Directive, any unsolicited commercial communication sent by e-mail must be clearly and unequivocally identifiable as such as soon as it is received, and service providers must respect 'opt-outs' whereby persons not wishing to receive such communications can register their objection." and why did the Communications Data Protection Directive need to explicitly ban spam e-mail? This would surely suggest that the EU itself considered the protection afforded by the Data Protection Directive (and national implementing legislation) and the Distance Selling Directive (and national implementing legislation) is rather less than complete. Making the radical assumption that the Roland Perry participating in this discussion (presumably in a personal capacity) is the same Roland Perry as the Director of Public Policy at the London Internet Exchange (a totally neutral, not for profit partnership between Internet Service Providers) can I pose a question - does it make a significant difference to ISPs if spam is controlled by use of the Data Protection Directive rather than controlled by the E-Commerce Directive or by the Communications Data Protection Directive? Best wishes Andrew Quoting Roland Perry <[log in to unmask]>: > >as well as sending spam e-mails (not currently illegal) > > Yes it is!! By definition SPAM has to be unsolicited, and therefore > your > email address [which is personal data] has been both acquired and > used > in contravention to the DPA. > > What's more, SPAM is illegal under the Distance Selling Directive, > and > its relevant UK regulations [1], we don't have to wait for the newer > CDPD to arrive. > > [1] Which are silent about SPAM only because the DPA *already* made > it > illegal, so no new law was required. Andrew Charlesworth Senior Research Fellow in IT and Law Director, Centre for IT and Law Department of Law/Department of Computer Science University of Bristol Wills Memorial Building Queens Road Bristol BS8 1RJ ----------------------------------------------------- This mail sent through SilkyMail v1.1.7 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - www.jiscmail.ac.uk/user-manual/summary-user-commands.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^