The Federal Trade Commission asked a California court to shut down a SMS spam operation, because of several violations of the Can-spam act. The case is interesting because the allegations against the spammer, a private person, not only see to unsolicited messages and no OPT-out possibility, but also on data-harvesting. The spammer sold the information he received from the people responding to his spam messages to third parties. The court still has to decide of course.
The Greek Data Protection Office did a similar case in 2009 of which I can unfortunately not provide a link. To my knowledge they were the first reporting on an investigation and fine into this combination. As such it was an inspiring example of how a spammer can be approached across the board.
In the Netherlands a first case like this still has to be brought about, but then it is harder here as there are (at least) two different enforcement agencies involved. Selling privacy sensitive data can be and most probably is a breach of privacy law and needs to be looked in to over here also. It happens and probably more often than we like to think. How long will it take before we read about the first fined data harvester in the Netherlands?
Wout de Natris
Leiderdorp, 26 February 2011