OECD Recommendation on Cross-Border Co-operation in the Enforcement of Laws against Spam
(adopted by the Council at its 1133rd Session on 13 April 2006)
Having regard to the Convention on the Organisation for Economic Co-operation and Development of 14th December 1960, in particular Article 5 (b) thereof;
Recognising that spam undermines consumer confidence, which is a prerequisite for the information society and for the success of e-commerce;
Recognising that spam can facilitate the spread of viruses, serve as the vehicle for traditional fraud and deception as well as for other Internet-related threats such as phishing, and that its effects can negatively impact the growth of the digital economy, thus resulting in important economic and social costs for Member countries and non-member economies;
Recognising that spam poses unique challenges for law enforcement in that senders can easily hide their identity, forge the electronic path of their email messages, and send their messages from anywhere in the world to anyone in the world, thus making spam a uniquely international problem that can only be efficiently addressed through international co-operation;
Recognising the need for global co-operation to overcome a number of challenges to information gathering and sharing, for identifying enforcement priorities and for developing effective international enforcement frameworks;
Recognising that current measures, such as numerous bi- and multilateral criminal law enforcement co-operation instruments, provide a framework for enforcement co-operation on criminal conduct associated with spam, such as malware and phishing;
Having regard to the Recommendation of the Council concerning Guidelines for Protecting Consumers from Fraudulent and Deceptive Commercial Practices Across Borders (hereinafter “Cross-border Fraud Guidelines”), which sets forth principles for international co-operation among consumer protection enforcement agencies in combating cross-border fraud and deception [C(2003)116];
Having regard to the Recommendation of the Council concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data [C(80)58] (hereinafter “Privacy Guidelines”), and the Ministerial Declaration on the Protection of Privacy on Global Networks [C(98)177];
Recognising that, in some instances, the Cross-border Fraud Guidelines and the Privacy Guidelines may apply directly to cross-border spam enforcement co-operation and that even where this is not the case, many of the principles expressed in these Guidelines can be usefully tailored to develop appropriate national frameworks and facilitate international co-operation to enforce laws against spam;
Recalling that, while cross-border enforcement co-operation is an important element in tackling the global problem of spam, it is necessary in this respect to adopt a comprehensive national approach which also addresses regulatory and policy issues, facilitates the development of appropriate technical solutions, improves education and awareness among all players and encourages industry-driven initiatives;
On the joint proposal of the Committee for Information, Computer and Communications Policy and the Committee on Consumer Policy:
For the purposes of this Recommendation, and without prejudice to other existing co-operation instruments “Spam Enforcement Authorities” means any national public body, as determined by each Member country, that is responsible for enforcing Laws Connected with Spam and has powers to (a) co-ordinate or conduct investigations or (b) pursue enforcement proceedings, or (c) both.
For the purposes of this Recommendation, “Laws Connected with Spam” means (a) laws specifically targeting electronic communications; or (b) general laws, such as privacy laws, consumer protection laws or telecommunication laws that may apply to electronic communications.
This Recommendation is primarily aimed at national public bodies, with enforcement authority for Laws Connected with Spam. It is recognised that some Member countries have many competent bodies, some of which are regional or local, that can take or initiate action against spam. It is also recognised that, in some Member countries, private enforcement bodies may play a very important role in ensuring enforcement of Laws Connected with Spam, including in cross-border situations.
This Recommendation covers cross-border spam enforcement co-operation only in areas where the conduct prohibited by the Laws Connected with Spam of the Member country receiving a request for assistance is substantially similar to conduct prohibited by the Laws Connected with Spam of the Member country requesting assistance. Co-operation under this Recommendation does not affect the freedom of expression as protected in laws of Member countries.
Co-operation under this Recommendation focuses on those violations of Laws Connected with Spam that are most serious in nature, such as those that (a) cause or may cause injury (financial or otherwise) to a significant number of recipients, (b) affect particularly large numbers of recipients (c) cause substantial harm to recipients.
In all instances, the decision on whether to provide assistance under this Recommendation rests with the Spam Enforcement Authority receiving the request for assistance.
This Recommendation encourages Member countries to cooperate in this area under any other instruments, agreements, or arrangements.
Member countries work to develop frameworks for closer, faster, and more efficient co-operation among their Spam Enforcement Authorities that includes, where appropriate:
a) Establishing a domestic framework.
Member countries should in this respect:
(i) Introduce and maintain an effective framework of laws, Spam Enforcement Authorities, and practices for the enforcement of Laws Connected with Spam.
(ii) Take steps to ensure that Spam Enforcement Authorities have the necessary authority to obtain evidence sufficient to investigate and take action in a timely manner against violations of Laws Connected with Spam that are committed from their territory or cause effects in their territory. Such authority should include the ability to obtain necessary information and relevant documents.
(iii) Improve the ability of Spam Enforcement Authorities to take appropriate action against (a) senders of electronic communications that violate Laws Connected with Spam and (b) individuals or companies that profit from the sending of such communications.
(iv) Review periodically their own domestic frameworks and take steps to ensure their effectiveness for cross-border co-operation in the enforcement of Laws Connected with Spam.
(v) Consider ways to improve redress for financial injury caused by spam.
b) Improving the ability to cooperate.
Member countries should improve the ability of their Spam Enforcement Authorities to cooperate with foreign Spam Enforcement Authorities.
Member countries should in this respect:
(i) Provide their Spam Enforcement Authorities with mechanisms to share relevant information with foreign authorities relating to violations of their Laws Connected with Spam upon request, in appropriate cases and subject to appropriate safeguards.
(ii) Enable their Spam Enforcement Authorities to provide investigative assistance to foreign authorities relating to violations of their Laws Connected with Spam upon request, in appropriate cases and subject to appropriate safeguards, in particular with regard to obtaining information from persons; obtaining documents or records; or locating or identifying persons or things.
(iii) Designate a contact point for co-operation under this Recommendation and provide the OECD Secretariat with updated information regarding their Laws Connected with Spam and the Spam Enforcement Authority designated as the contact point. The OECD Secretariat will keep record of this information and make it available to interested parties.
c) Improving procedures for co-operation.
Before making requests for assistance as foreseen in the previous paragraphs, Spam Enforcement Authorities should:
(i) Proceed to some preliminary investigative work to determine whether a request for assistance is warranted, and is consistent with the scope and priorities set forth by this Recommendation.
(ii) Attempt to prioritise requests for assistance and, to the extent possible, make use of common resources such as the OECD Website on spam, informal channels, existing international networks and existing law enforcement co-operation instruments to implement this Recommendation.
d) Cooperating with relevant private sector entities.
Spam Enforcement Authorities, businesses, industry groups, and consumer groups should cooperate in pursuing violations of Laws Connected with Spam. In particular, Spam Enforcement Authorities should cooperate with these groups on user education, promote their referral of relevant complaint data, and encourage them to share with Spam Enforcement Authorities investigation tools and techniques, analysis, data and trend information.
Member countries should encourage co-operation between Spam Enforcement Authorities and the private sector to facilitate the location and identification of spammers.
Member countries should also encourage participation by private sector and non-member economies in international enforcement co-operation efforts; efforts to reduce the incidence of inaccurate information about holders of domain names; and efforts to make the Internet more secure.
Where appropriate, Spam Enforcement Authorities and the private sector should continue to explore new ways to reduce spam.
INVITES non-member economies to take due account of this Recommendation and collaborate with Member countries in its implementation.
INSTRUCTS the Committee for Information, Computer and Communications Policy and the Committee on Consumer Policy to monitor the progress in cross-border enforcement co-operation in the context of this Recommendation within three years of its adoption and thereafter as appropriate.