The European Commission has said member states must do more to fight the spread of spam.
Despite existing EU legislation to outlaw spam across Europe, the region continues to suffer from illegal online activities from inside the EU and from other countries, the Commission said.
The Commission said that although internet safety has been on the political agenda for some time, national authorities had to step up their actions to prosecute illegal online activities.
"It is time to turn the repeated political concern about spam into concrete actions to fight spam," said Viviane Reding, commissioner for information society and media.
"In line with EU legislation outlawing spam, the Dutch authorities have managed to cut domestic spam by 85% - I'd like to see other countries achieving similar results through more efficient enforcement, said Reding.
Reding added, “I will revisit this issue again next year to see whether additional legislative measures against spam are required.”
Security software firms estimate that spam could represent up to 85% of all e-mail.
From being a nuisance, said the Commission, unsolicited e-mail has become increasingly fraudulent and criminal.
Criminals are luring users into revealing their sensitive data and finances via so-called "phishing"
e-mails. Privacy is also at risk because spyware, spread by e-mail or software on websites, tracks and reports on users' behaviour.
The EU-wide “ban on spam” adopted in 2002, as part of the ePrivacy Directive, is clearly not being fully adopted by most member states, said the Commission.
The Information Commissioner in the UK is currently responsible for enforcement action when it comes to the ePrivacy Directive, but the organisation said it is not geared up to fight spam. This may now have to change.
The Dutch fall in spam was achieved through prosecutions by spam fighter Opta, with just five full-time employees and €570,000 (£395,000) invested in equipment.
The Commission will revisit the legislative framework when it introduces new proposals to strengthen user privacy and security in 2007.
The proposals may oblige service providers to report security breaches that have led to personal data loss and/or to interruptions of service supply.
Under the proposals national regulatory authorities would have the power to ensure operators implement adequate security policies.
In addition, member states would need to ensure that any person or organisation with a legitimate interest in combating infringements under the ePrivacy Directive may take legal action and bring them before a national regulatory authority.
Comment on this article: firstname.lastname@example.org