CNIL checks on companies

Signal Spam is a national platform for reporting unsolicited e-mail in France. It is open to both private individuals and professionals. The aim is to list all categories of spam circulating on the network, and to identify their presumed authors. The latter will be liable to prosecution if found guilty of illegal data collection, counterfeiting, paedophilia or other offences. In its first year of existence, Signal Spam has recorded almost 30,000 registrations on its website. More than 4 million spam messages have been reported by Internet users.

Partnership between Cnil and Signal Spam

Signal Spam has been a partner of the Commission Nationale de l’Informatique et des Libertés (CNIL) since 2007. The aim is to penalize entities that deliberately send unsolicited e-mails or spam to Internet users’ inboxes. The mission of the Signal Spam platform is to report potential spammers to the Cnil, so that the latter can take legal action against them.

Despite the will of both parties, the fight against spam is becoming increasingly difficult. The use of botnets, or zombie machines manipulated remotely by hackers, doesn’t make their job any easier. The legitimate owners of these computers will become unwilling victims. In 2007, only one spam message in 10 reported to the Signal Spam platform came from French Internet users.

For several years now, Cnil has no longer been dependent on the French judiciary. It will be able to impose administrative sanctions and fines on alleged offenders arrested for spamming offenses on French territory.

Control of companies reported by Signal Spam

The partnership between Cnil and the Signal Spam platform continues. To combat spam more effectively, the association has decided to send the Cnil a monthly list of the spam campaigns most frequently reported by Internet users registered on the platform. For its part, the Cnil will be responsible firstly for locating the companies behind the spam, and secondly for verifying compliance with the conditions governing canvassing by e-mail, in accordance with the French Data Protection Act (Loi Informatique et Libertés).

The checks to be carried out by the will focus on three main areas: verification of the methods used to obtain the database of e-mail addresses used in the mass campaign, confirmation of the prior consent of persons having received the e-mail messages sent, and respect for the freedom of Internet users to receive or refuse the messages sent, notably by means of an active unsubscribe link.

All companies failing to comply with these three conditions during a Cnil inspection will be liable to a fine of up to 150,000 euros. In the event of a repeat offence, this amount will be doubled. The companies concerned and all their canvassing operations may also be placed under Cnil surveillance for a certain period of time.