This article has been produced in three parts. Part I looks looks at anti-spam legislation in the UK, France and Sweden. Part II looks at The Netherlands and Italy and this article, Part III, looks at Germany and Belgium.
In Germany, the Directive on Privacy & Electronic Communications (2002/58/EC) has not yet been implemented. Although the intent was to consolidate data protection provisions for all electronic communications within one Act, due to constitutional reasons it is expected that we will see implementation in two separate pieces of legislation: For “tele” and “media services”, (which include e-mail), the Federal Legislator is likely to enact a Tele Media Data Protection Act. For broadcasting the Broadcasting States Treaty of the German states (“Länder”) will most likely refer to these new provisions. The Federal State and the Länder are still in negotiations. A first draft is expected in Q2 of 2004.
The provisions of Directive 58/2002 on spam will most likely be incorporated into the German Unfair Competition Act (“Gesetz gegen den unlauteren Wettbewerb”). A draft is currently before the Federal Parliament and the Legal Committee. The draft provides in Sect 7 para. 2 Unfair Competition Act for an opt-in regime for unsolicited e-mails, as is already the case under current law. The draft is available at .
As the precise mechanism for future implementation is not clear, this article deals purely with the current legal situation.
Current German law is governed by an opt-in regime for individual subscribers; direct marketing material may not be sent by e-mail to individual subscribers unless recipients have previously notified their consent.
The courts regard the sending of unsolicited e-mails as a breach of the general personality right according to Sect. 823 Civil Code and an act of unfair competition according to Sect. 1 Unfair Competition Act (cf. Regional Court of Traunstein NJW 1998, 1648; LG Hamburg WRP 1999, 250).
Therefore, as a rule, e-mail marketing is only lawful if the addressee has given his express prior consent. Implied consent is regarded as sufficient but only in limited circumstances. (The sending of an e-mail without express prior consent has been considered as lawful in a case in which an individual accessed a marketers database via the Internet for a certain time and paid a specific fee for the service (cf. Regional Court of Augsburg NJW 2000, 593)). However, this is unlikely to be upheld in other cases.
This raises the question as to whether consent must be given in any specific form. It is not clear whether a direct marketer can market straight away based on an e-mail address provided by subscriber, as it is possible that an incorrect address may have been provided. To avoid this, it may be necessary to send an e-mail to the address provided and obtain a reply back giving permission to market (a double, or confirmed opt-in).
The rules for e-mail marketing have also been applied to SMS marketing. According to a decision of the Regional Court of Berlin on 14 January 2003 (15 O 420/02), the disturbing and privacy breaching effects of a SMS are the same or even higher than of an e-mail. Therefore the Regional Court of Berlin regarded unsolicited SMS marketing as unlawful.
Practically, this means direct marketers should obtain written consent from the data subject. The consent should be carefully worded so that it is broad enough to cover the intended use. If the direct marketer is buying addresses, the form of consent given by the prospects should be carefully reviewed, as such use is only rarely covered adequately.
The opt-in rule also applies to corporate subscribers. It is regarded as an act of unfair competition according to Sect. 1 Unfair Competition Act and as a breach of established business operation according to Sect. 823 Civil Code. In general, the same assessment applies as for individual subscribers.
One deviation from the rule is that the requirements for implied consent for corporates are easier than for individuals. In the case of B2B marketing there is a better chance that a business relationship with the recipient justifies the sending of unsolicited e-mails than with individual subscribers (cf. Regional Court of Berlin NJW 1998, 3208). Lawfulness depends on the specific circumstances of the case.
E-mail opt –out registers
As German law is governed by the “out-in” concept, an “out-out” register for unsolicited commercial e-mails like that referred to in Article 7 of the Electronic Commerce Directive (2000/31/EC) is not required.
Practically such lists exist, of course. To avoid unsolicited e-mails and SMS an eRobinson list has been established by the Interest Association German Internet (I.D.I. Interessenverband Deutsches Internet e.V.). This list is available at . As most of the German spam originates in the US it is also recommended to register with the American Direct Marketing Association ().
No concealed identities
Under German law the identity of marketers may not be concealed when sending marketing e-mails. This applies to corporate and individual addressees. The reason for this lies in the fact that it must be possible to withdraw consent. Therefore a valid address to which the recipient can send the opt-out message must be provided.
The current draft of the new Unfair Competition Act also provides in Sect. 7 para. 2, that any e-mails with concealed identity will be unlawful.
German provisions on spam apply to data controllers in Germany. They also apply to data controllers outside Germany who send spam to recipients in Germany. This is because the tort occurs in Germany (cf. Federal Supreme Court GRUR 1971, 153, 154; 1998, 419, 420).
Prospects may seek compensation from the marketer for unlawful unsolicited e-mails. However, this requires the prospect to have suffered damage. Since physical or economic loss due to unsolicited direct marketing rarely occur and besides this, must be proven, such claims rarely succeed. Competitors may also bring a claim as unsolicited e-mails are an act of unfair competition.
Under German law, claims due to unsolicited e-mails may not only be directed at marketers but also at service providers. According to a very recent decision of 13 November 2003 (12 S 2595/03), the Regional Court of Leipzig ruled that a service provider was liable under Sect. 1 Unfair Competition Act because it was unable to provide information on the identity of the organisation which sent the direct marketing communication.
In addition to civil law claims, the Data Protection Authorities may address spam by investigation, order or even imposition of a fine.
The German section of this article was written by Jan-Peter Ohrtmann, Bird & Bird, Düsseldorf.
At this moment, Belgium has only partially implemented The Directive on Privacy & Electronic Communications. The spam provisions of the Directive were implemented by a Royal Decree of 4 April 2003 (hereafter “the Royal Decree”), which came into force on 28 May 2003 and which completed the general opt-in regime provided by the Law of 11 March 2003 on certain legal aspects of information society services (hereafter “the Law”).
Under article 14 of the Law, electronic mail may not be sent for marketing purposes without the free, prior, specific and informed consent of the recipient. The Royal Decree has provided exceptions to the opt-in regime for individual subscribers.
Article 1 of the Royal Decree provides for a conditional “soft opt-in”, i.e. a set of conditions under which providers do not need the prior consent of the recipients to send them electronic mail for marketing:
where the electronic contact details are obtained in the context of a sale of a product or service (as opposed to mere contacts), in accordance with data protection legislation
carried out by the same legal entity that obtained the individual’s details
limited to similar products and services
to individuals who were offered an opt-out when their details were first obtained and on each subsequent occasion.
Third party bought-in lists cannot be used on the basis of the soft opt-in. Other companies within the same group of companies are considered third parties (being other legal entities).
The soft opt-in rule is not limited to “consumers”, but applies to all persons, corporate and non-corporate.
The general opt-in regime does not apply to corporate subscribers if the electronic contact details do not contain any personal information, e.g. firstname.lastname@example.org.
This exception thus only applies to legal entities. It remains unclear which regime applies to associations that are not legal entities (which do not have a separate legal personality).
E-mail opt–out registers
Under article 14, §2 of the Law, the direct marketer must provide an effective means to opt-out. The Royal Decree provides that the marketer must keep an up-to-date list of recipients that have opted-out.
This opt-out register may be individual or general (a so-called Robinson-list).
No concealed identities
Marketers may not conceal their identity when they send or instigate the sending of marketing e-mails, whether to corporate entities or individuals. Equally, marketers must always provide a valid address to which the recipient can send an opt-out message.
Belgian legislation has not provided any transitional regime. The opt-in regime applies equally to new data collected after the entry into force of the Law and e-mail data collected before that date, i.e. to historic or “legacy” data. From a strict legal point of view, providers may only continue to use such legacy data for direct marketing to individual subscribers if they comply with the “soft opt-in”exemption.
In October 2003, the Belgian Data Protection Commission issued a (non-binding) statement in order to specifically highlight the omission of the Belgian legislator to regulate the issue of contact data collected before the entry into force of the Law. The Data Protection Commission proposed a pragmatic solution to the problem by suggesting that providers that had collected their data in a lawful and fair way prior to the entry into force of the Law should be allowed to use their existing contact lists one more time in order to offer their contacts the possibility to opt-in for future direct marketing e-mail. In its statement, the Data Protection Commission suggested a deadline of two months following the entry into force of the Law, i.e. 31 October 2003. This solution is intended to allow providers to maintain their existing databases (that are often the result of a considerable investment). The Data Protection Commission also issued standard wording for providers wishing to send such a final e-mail to their contacts before 31 December 2003.
A Belgian commercial court has recently been called to interpret the new opt-in regime for commercial e-mail. According to the court, the spam provisions of the Law are not meant to oblige providers to destroy all their existing prospects lists. On the contrary, Article 14 of the Law would implicitly authorise providers to continue to use the existing prospects lists for the sending of commercial e-mail after the entry into force of the opt-in regime of the Law.
Consequently, even under the new opt-in regime, providers would, according to this case law, be allowed to continue to send commercial e-mail to their existing e-mail contacts since all recipients should be considered to have accepted commercial e-mail prior to the entry into force of the opt-in regime. In other words, the fact that the recipients were on the mailing list of the provider at the time of the entry into force of the opt-in regime means that these recipients have not used their right to opt-out under the old regime. The court thus considered the absence of an opt-out to be the equivalent of an opt-in. It remains to be seen whether other courts will follow such an interpretation.
The territorial application of the opt-in regime is determined under the rules of the Law, providing a specific exception to the country of origin principle regarding commercial communications. This means that the opt-in regime applies to service providers located on Belgian territory as well as recipients located on Belgian territory.
The Law provides for several mechanisms, both preventive and curative, to ensure proper enforcement.
The Ministry of Economic Affairs supervises the application of the Law and may issue a warning to the service provider to comply with the Law or even impose a settlement fine in case of infringement.
In case of failure to comply with the Ministry’s warning or rejection of the settlement proposal, the Ministry may either launch “cease and desist” proceedings against the provider or transmit the file to the Public Prosecutor.
Cease and desist proceedings also can be initiated by other concerned parties, e.g. the recipient of the electronic mail or a competitor.
The Public Prosecutor may initiate criminal proceedings. Depending on the nature of the infringement, fines of EUR 500 to EUR 250,000 may be imposed by the Criminal Court.
Moreover, the courts may order the publication of the court order and an attachment of the profits obtained through the infringements.
The Belgian section of this article was written by Peter Van de Velde and Johan Vandendriessche, Bird & Bird Brussels.
 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), Official Journal, L201 of 31 July 2002, 37
 Royal Decree of 4 April 2003 regulation advertising by electronic mail, Belgian State Gazette 28 May 2003.
 Law of 11 March 2003 on certain legal aspects of information society services, Belgian State Gazette 17 March 2003.
 There is currently a draft law pending in Parliament to expand the opt-in regime to pop-ups: Draft Law of 20 November 2003 modifying article 14 of the Law of 11 March 2003 on certain legal aspects of information society services, Belgian Senate, 2003-04, Nr. 3-355/1.
 Commercial Court of Nivelles, 26 November 2003, http://www.droit-technologie.org
 The Minister of Economic Affairs has designated officials to carry out the supervisory task: Ministerial Decree of 4 April 2003 designating the officials charged with supervising the infringements of the Law of 11 March 2003 on certain legal aspects of information society services, Belgian State Gazette 15 April 2003.
 Law of 11 March 2003 on certain legal aspects of information society services as described in article 77 of the Constitution, Belgian State Gazette 17 March 2003.
Important - The information in this article is provided subject to the disclaimer
. The law may have changed since first publication and the reader is cautioned accordingly.