The 2002 Directive set out new rules to deal with unsolicited commercial e-mail, cookies and other privacy issues in electronic communications and was due to be implemented throughout the EU by 31st October 2003.
Denmark and the UK are two of only six member states to have put appropriate measures into place to implement the EU law. The Commission announced in December that it was beginning infringement proceedings against the other nine member states.
According to Reuters, the case was brought by Denmark's National Consumer Agency against Aircom Erhvery ApS for the sending of more than 15,000 spam e-mails. The court held that Aircom had breached the regulations and fined the company Danish Crown 400,000.
Jane Frederikke Land, acting for the Consumer Agency, told Reuters:
"We are very pleased with the judgment, which we expect will have a preventative effect on the practice of sending unsolicited e-mails to both private consumers and companies."
While reports of the Danish case refer to criminal proceedings, any proceedings in the UK under its implementing Regulations would not, at least initially, be criminal. Instead, the most likely course of action is for the Information Commissioner to issue an enforcement notice telling the spammer to stop its activities. Failure to comply with an enforcement notice becomes a criminal offence, so that's when the spammer could get a fine.
Individuals could bring an action in the UK against a spammer, but they would need to show damage and would only be entitled to compensation for that damage – so the best way for individuals to use the law against spammers is to report spam to the Commissioner or to attempt a class action lawsuit where several consumers each suffer a small quantity of loss that in aggregate could amount to a significant award of damages against a single spammer.