Just read this on Terry Zink's blog and thought it was worth re-posting here. Here's what he says:
Some of this stuff I couldn't make up if I tried...
With all the hoopla about the David Ritz case (which I will blog about in a future post), I thought I'd remark about a very strange legal requirement about filtering mail. As usual, this unreasonable legal requirement only applies to the EU.
In the EU, you cannot filter mail by inspecting its content.
I am not making that up. When I heard that, I said "Are you serious? How are you supposed to filter mail?" For goodness sakes, by definition, email filtering is based upon content inspection. Apparently, you can only filter mail by doing IP blocking and other high level techniques without actually inspecting the content (I guess also doing SPF checks and whatnot, but I would think you would need some content, namely the MAIL FROM, on which to do that). Now, spam filtering companies have a provision in that we are doing it on behalf of our customers, that is, we are doing it because they want us to do that.
Now you may say "We are using automated techniques to do spam filtering and there is no manual inspection." That actually makes it worse. Using automated techniques to inspect content makes regulators and privacy commissioners feel more uncomfortable about the data is being used, rather than more at ease. Presumably, their point of view is that an automated technique can be more easily used to harvest and extract information. They are really big about protecting PII (Personal Identifiable Information) over there. Too bad they have no clue about the way the email world actually works.
Anyone care to comment on this or share some more insights? This is the first time I've heard about this...