The UK is not doing enough to deter spammers and combat the use of malicious computer code to damage users' computers, according to a study commissioned by the European Commission.
The report examined the action taken in all 27 EU countries against spammers and those who send malicious code such as viruses and spyware to users, and suggested changing the law to allow ISPs to take action against spammers.
The report found that UK authorities dedicated too little money and effort in combating malware.
"Although issues of spam and spyware receive considerable publicity in the United Kingdom," said the report, produced on the Commission's behalf by Time.Lex.
"Although legislation has been introduced, sanctions are limited and few resources have been allocated to the agencies charged with enforcing the rules."
"No cases have been reported of action being taken against spammers. The situation is a little more optimistic regarding spyware and although there have not been many cases, there is no doubt that the provisions of the Computer Misuse Act will apply in respect of this form of behaviour, at least where software is installed without the authority of a computer owner," it said.
The report said that some EU countries had performed better than others in combating the targeting of internet users.
"Some Member States could improve the level of attention that is paid to the fight against spam, spyware and malicious software. Currently this is clearly not a point of focus of the central government in such States," said the report. "Member States with a strong commitment of the central government to fight online malpractices often adopt legislative instruments and free budgets to increase the investigation and prosecution powers of their governmental departments."
The study said that EU countries had "become more active" in their anti-spam and anti-spyware activities but that they were still not doing enough to effectively fight the threats to users' security.
"Although the situation has improved over the recent years, in general not enough deterring measures, in particular through imposing fines, have been undertaken at Member State level," it said.
The report acknowledged that a number of prosecutions have been made in the UK under 1990's Computer Misuse Act. One involved a man using software to spy on his wife's computer use while they were going through a divorce, while another targeted a major criminal operation trading in stolen bank and credit card details.
The report said that all EU countries should do more to solve the problem. "In general, Member States should invest more substantial resources to gather evidence, pursue investigations and mount prosecution in this field."
The report also suggested legal changes that might make it easier to combat spam and spyware.
"There are only a few effective judicial sanctions against online malpractices in Member States. This may in part be due to the fact that end users do not usually have the know-how and means to start proceedings. A right for network operators to sue spammers may be helpful in this respect," it said.