[Ecommerce] FYI: Legislation in Europe on spam, cookies, data retention

Manon Ress mress@essential.org
Thu Jan 31 10:59:01 2002 

January 30 pm edition. Technology Daily
European Privacy Directive Clears Hurdle, Faces More
by William New 

Draft legislation that would update the European Union's governance of
the privacy of personal data in electronic communications moved nearer
its final form as the European Council approved its version this week. 

The council's adoption of a common position on the draft legislation
without changes sends it back to the European Parliament, which has
divergent views on at least three areas. 

For instance, the council and the European Commission, the European
Union regulatory body that initiated the legislation, support an
approach for unsolicited e-mail and voice communications that would
require consumers to "opt in" before their personal information could be
shared. The parliament, by contrast, has shown support for a
"non-harmonized" approach, meaning that each of the 15 EU countries
could choose their own approaches. 

The legislation would require that people give their consent to
receiving unsolicited direct-marketing pitches from automated calling
systems. Also, the sender's identity would have to be clear. 

"This could be fairly significant," said Christopher Kuner, partner at
Morrison & Foerster in Brussels. "If they have mandatory opt-in [rules]
for e-mail, it could  have fairly serious repercussions for marketers." 

The council also followed the commission's opt-in approach on the use of
directories of subscribers. The legislation would ensure that
subscribers are informed about the use of published directories
available to the public, and that they have the right to exclude their
data.
 
The third area of divergence is on the use of "cookies," a technological
tool used to gather and store information about users when they visit a
Web site. While the council recognized the legitimate business use of
such tools, it decided that their use should be conditioned on "clear
and precise" prior information about their purposes, with a right of
refusal by users. 

Informing users before they even get to a Web site could be difficult,
Kuner noted. Business groups still hope they can topple the cookie
provision through pressure on members of parliament, where support is
soft, sources said. 

Another carefully watched issue is the retention of data. There is a
national security exception to the provisions in the council's version
of the bill. "To this end,  the member states may ... provide for the
retention of data for a limited period" with proper justification, the
draft states. The length of time remains to be defined, an EU official
noted. 

The council made its decision on the draft legislation at its general
meeting on Monday. Luxembourg voted against it.  The action moves the
legislation back to parliament, which has 60 days for its second
reading. If parliament does not approve the council version, the two
sides must resolve differences in conciliation. At the most, the law
should be completed by  mid-year, sources predicted.  Lobbying on the
issue, which already has been heavy, is expected to pick up in the
coming months, a source said. 

                     
-- 
Manon Anne Ress
mress@essential.org, voice: 1.202.387.8030