The two behaviours that fall under my responsibility do not concern consent in the broad sense. It relates to two highly targeted and clearly unacceptable behaviours, namely, the harvesting of email addresses and the installation of spyware.
There is no doubt in my mind that spyware should be prohibited. There should be no exceptions that allow this kind of behaviour. Harvesting email addresses falls under the same category, but less clearly. There is a direct link between harvesting email addresses and the risks that consumers are exposed to, because email addresses can then be used to distribute malware, for instance. Because of the link between the two, I don't think there should be any exceptions.