The law steps up the global war on spam and "is a key tool to strengthen consumer confidence in the Internet and electronic communications," said EU Enterprise Commissioner Erkki Liikanen.
But how they enforce the new rules are left to the 15 EU nations. Fines vary among the countries, and unlike the strictest laws in Virginia and other U.S. states, European Union rules don't call for jail time.
And although the EU rules cover spam sent from the United States and elsewhere, member countries lack both the resources--and the authority--to pursue violators abroad.
Most spam comes from the United States, where the Senate recently approved a do-not-spam list and a ban on sending unsolicited commercial E-mail using a false return address or misleading subject line. Several states also have anti-spam laws.
Nonetheless, Europe has been more aggressive at adopting measures protecting people's right to be left alone.
The new European rules also limit companies' ability to use "cookie" files and other devices that let them obtain information about users who visit their Web sites. Companies will now be required to ask users' permission before taking such data and retaining or selling it.
"Spyware" that burrows invisibly onto computer hard drives and snoops on users also becomes illegal.
Europe will allow only police and emergency services to locate people from their satellite-linked mobile phones.
"The directive is technology neutral and gives consumer and citizens a variety of tools to protect their privacy and personal data," the European Commission said in a statement.