A study by the Institute of Information Law (IViR) at the University of Amsterdam has revealed that the E.U.’s much-vaunted anti-spam legislation, Directive 58, is fast turning into a legislative disaster.

The Directive on Privacy and Electronic Communications, to give it its full name, was supposed to have been adopted by E.U. member states by October 2003, but according to the IViR, only seven of 15 have bothered to implement legislation by the cut-off date.

A directive that was supposed to see spammers pursued under Article 13 of the Directive, the section which covers e-privacy, could now witness the ridiculous situation of members states themselves being fined by E.U. authorities for non-compliance.

The report’s authors said that there was also uncertainty as to how and when new states joining the E.U. on 1 May this year would have to implement the directive.

Beyond the basic issue of compliance, the IViR’s research lifts on deeper problems that could take a decade to sort out. There was, for example, widespread confusion about defining the precise meaning of some of the legislation’s main terms, and countries that have implemented the Directive were attaching widely varying penalties for offenders ranging from fines to imprisonment.

The worst countries for originating spam were also outside the E.U. IViR senior researcher Lodewijk Asscher described the top three — the U.S., China and South Korea — as the “spam axis of evil”. Directive 58 was powerless to make real headway without a widening of international cooperation. “No legal solution will catch all spam. Technical solutions are crucial.”

But he still felt that the Directive had been worthwhile as a statement of intent. “There is important symbolic value. It has put spam on the political agenda,” he said. “The U.S. Can-Spam regime is far inferior to this Directive. It is (merely) an opt-out regime.”

The IViR carried out the research in conjunction with by anti-spam vendor Sybari Software Inc.