EUâs Email Edict Enforcement Enfeebled | DMA

Filter By

Show All
X

Connect to

X

EUâs Email Edict Enforcement Enfeebled

T-55cdf90ebeeb1-chains_55cdf90ebedc4-2.jpg

Email regulation has been forgotten at the back of the shed and the modern day emailing environment doesn’t help. You probably cannot remember the last time a company was fined for email non-compliance with the Privacy and Electronic Communications Regulations (PECR), yet email spam still accounts for 56%-66% of all email traffic. So why isn’t everyone kicking off about it like we have about nuisance calls?

For a start, calls are not like emails. When a phone rings, you are compelled to answer and it becomes your top priority even if you don’t know who it is. Your surprise and disappointment when you realise the phone call is not an important message has a different emotional impact than it does with emails. On the other hand, calls and emails still face a similar problem. Charlie McKelvey of DecisionMarketing.com says the barriers to complaint reporting are still too high, and it is having an impact on effectiveness. But one of the reasons why there has been much publicity around nuisance calls and texts is because, although only 2% of people actually complain about them, the Information Commissioner’s Office (ICO) racked up over 60,000 complaints pretty quickly. But these will have come from the Which? Taskforce’s and the Telephone Preference Service (TPS) complaint pages, not the ICO. To complain about emails there is only one place to go, and most internet users don’t even know who the ICO is, let alone understand if an email they have received is breaking the law or not.

In email, there already is an effective way of dealing with inbox items that are unwanted. ISPs (Yahoo!, Outlook, Google, etc.) and mail client providers have taken the internet’s spamdemic into their own hands and have encouraged easy methods for their users to report spam. Not only does this satisfy the end-user’s need to vent, it does a good enough job at punishing those who are likely to be breaking data protection regulations.

But an email gill net doesn’t benefit the industry. For businesses, this means competitors (or even suppliers!) can operate email marketing by contravening regulations without penalty from the law. To make it perform well, all they need to do is play the numbers game to maximise inbox penetration (see Spamhaus’ glossary for details). And what they end up with is a list of real and engage-able email addresses, albeit illegally processed, that they are able to email without the risks of being booted by their premium ESP. For regulators, the only user complaints they receive will be from vigilante fundamentalists with too much time on their hands. Botnets and professional spammers will continue to run rampant, but only muted by the smart-enough ISPs. And as no one is being penalised for unlawful practices, the credibility of the regulations and those enforcing it diminishes.

ISPs need to play a key role in enforcing legislation. Now, I know this has been said before, but it is clear that the current anti-spam measures do nothing to enable law enforcement. What if all spam reports from ISPs were forwarded to a centralised complaints centre? This could allow a regulating body to deal with grouped complaints by order of severity. Reporting would be done in the same way an IP associated feedback loop service for email complaints works. For any spam report whose sender IP is registered at RIPE, the ISP will send an ARF type mail to an EU body entrusted to handle all these complaints. These are then processed and shared with the regulating bodies of the EU countries, like the ICO in the UK. And there is no reason why this couldn’t be extended for domains or even incorporated within DMARC framework.

Until the industry in Europe starts seeing more incidents akin to Canadian Radio-television and Telecommunications Commission’s enforcement of anti-spam laws on Plentyoffish Media Inc. and Porter Airlines Inc., we are unlikely to see spammers and businesses with bad practices take much notice of data protection laws. The onus must lie with those receiving the majority of email traffic and some initiative from those regulating it. Not doing so, in my opinion, is irresponsible. Because utilising the already effective and unanimous spam reporting features that ISPs have spent so long perfecting, is guaranteed to produce the information needed to take action against those who spam us most.

Please login to comment.

Comments