There is a continual flurry of secondary legislation being laid before the UK parliament every day it is in session. Most of it, like The Tonnage Tax (Training Requirement) (Amendment) Regulations 2003 (Statutory Instrument 2003 No. 2320), is of interest to very few of us. An exception to this general rule might be The Privacy and Electronic Communications (EC Directive) Regulations 2003, laid before parliament on the 18th of September and coming into force on December 11th.
The 22 pages of new regulations, explanatory text and schedules are the government's implementation into UK law of the EC Directive on privacy and electronic communications (2002/58/EC, PDF link). They replace earlier regulations from 1999 and 2000, and cover a whole collection of issues from the right to have an un-itemized telephone bill if you want one to what looks like a moderately sensible "do not call" system for telephone and fax to be run by the new Office of Communications (OFCOM), hopefully a more effective system than the current Telephone Preference Service. On the other hand, as OFCOM won't even start operations until the end of 2003, I'm not holding my breath.
Regulation 6 is interesting because underneath the opaque drafting language it is talking about cookies: if you want to store a cookie on someone's computer, you now need to ask permission at least on the first occasion. Unfortunately, "stored" is not defined, so this regulation probably applies as much to the (relatively harmless) session cookies stored only in your browser as to the persistent kind stored on your hard disk that are presumably the real target of the legislation.
The headline provisions in the new regulations, though, are contained in regulations 22 and 23. The DTI press release spins these as "New Moves to Hammer Spammers", but others have been less kind: Spamhaus, for example, say "Britain Bungles Anti-spam Law" [URL removed 20051030: article has been removed].
A quick summary of the main points of regulations 22 and 23 as I understand them follows:
email@example.com, with things like firstname.lastname@example.org well into the weasel zone.
So, this all sounds like good news for users as far as it goes: it's less clear whether it goes far enough. A bigger problem in the short term is that, by the usual estimate, 90% of spam received in the UK comes from outside, mainly from the USA, so a UK regulation by its nature can have little effect on the total volume of spam received by users here. In the longer term, I can't see any international legal framework addressing the problems of unsolicited bulk email until everyone has had a few years of experience with the more local variety.
Disclaimer: I am not a lawyer and none of the above should be taken as legal opinion; if you need advice, you should talk to a professional.
[Updated 20031007 to point to the official HMSO page for the new regulations now that it exists.]