Directive 2002/58/EC, the directive on privacy and electronic communications, was transposed into Irish law on 6 November 2003 by the Electronic Communications (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations 2003, S.I. No. 535 of 2003. The regulations provide for restrictions on unsolicited direct marketing by telephone, fax, automated calling systems, e-mail, SMS and MMS.
One effect of the transposition was to make it illegal within the EU to send unsolicited commercial e-mail, UCE, to individuals-natural persons. Spam, unsolicited e-mail marketing, sent to individuals, with a limited exception, covering existing customer relationships, is only allowed with prior consent. The regulations also provide for enhanced protection for business users.
Monitoring compliance with these new EU regulations with regard to controlling the creation of spam e-mails is a function of the Data Protection Commissioner's office. I have no function in this matter. Recipients of spam originating in the EU can contact the Data Protection Commissioner's office, with whom responsibility for investigating suspected breaches of the regulations lies.
Summary proceedings for an offence under the regulations may be brought and prosecuted by the commissioner. The maximum fine on conviction for such an offence is €3,000. The sending of each offending message constitutes a separate offence. Under draft primary legislation currently being prepared in my Department, breach of these regulations and all communications regulations could constitute an indictable offence.
Due to the global nature of the problem of spam the solution lies in international co-operation. My Department and the Data Protection Commissioner's office have participated in events at EU, OECD and international levels in a bid to develop a solution. I have raised the matter on a number of occasions at different fora.