European DB-law was: Re: SpamWhack
- Date: Mon, 22 Jan 2001 10:15:09 +0100
All,
European DB law (actually: privacy recommendation) does not list anything on
hashing or encrypting data, it does - afaik - not even matter whether a
database is public access or
private.
Iho there are three conditions to allow an insert in any database (and
everything is a database) :
1. notification of insertion in database
2. notification of purpose of database
3. and this is the interesting point: be offered the right of resistance
(in spammers terms: unsubscribe mechanism)
So, if an organization were to insert me in their spamming archives, all I
need to do is formally notify them of my wish to be removed from that
register.
If the anti-spamming organization does not respond in adequate fashion (by
removing and informing me of removal) they are in violation of the law in
most european countries and they 'violate' the EU directive.
Lastly, let me point out an interesting paradox in the removal mechanism,
also relevant to spamming:
If someone indicates that he does not want to be in my direct marketing
database, can I then insert him in my 'unsubscribes' (opt-out) database?
Do I have to inform him of this transaction? Can he refuse?
If he resists of being inserted in the unsubscribes database, may I insert
him in the
'unsubscribes resistance' database? And so forth: a classical Droste
paradox.
Further, can I be held liable for re-inserting persons in the original (DM)
database who have resisted to be inserted in my unsubscribes database? If
so, Catch-22 arises.
This discussion may seem a bit abstract to you, maybe, but take a look at
e.g. www.yesorno.nl to see that the fancy 'unsubscribe' , 'opt-out/in-mixes'
and more worryingly, the
'opt-out-but-remain-silent-and-be-spammed-legally-forever' systems are being
deployed as we speak.
---------------
RIPE-ANTI-SPAM-WG should iho take the lead in controlling the (European
arena wide) centralized unsubscribe database for spammers to dedupe their
addresses with. This is a much better solution than having a - probably
illegal - database with all the spammers in it for the ISPs - also take into
acct. the respected Mr. Beertemas numerous remarks in this list on the
dangers of false-positive spam-tests in mailfilters.
For the Netherlands this register is in the hands of the DMSA (Direct
Marketing Stichting Associatie), an organization to which all 'official'
direct marketeers in NL are a member (and large companies won't market with
non-official organizations). It is a system of self-regulation. However, the
e-Direct-Marketeers are not all a member of this organization, and
amateurism still rules the eDM-services marketplace...
My organization would take pride in carrying the 'RIPE-approved' logo and to
adhere to a reasonable set of standards and regulations laid out by an
official organization like RIPE.
Sincerely yours,
Thijs Cobben
Chief Technology Officer
The Internet Address Generator at inadge.com
