Legislation that would require telephone companies and internet service providers (ISPs) to save information about customers' communications is set to proceed despite being rejected by the European parliament.
The legislation's draft proposal was introduced jointly by France, Ireland, Sweden and the UK to aid law enforcement in combating terrorist acts. It will require phone companies and ISPs to retain customer data such as the time, date and location of sent and received emails and phone calls for 12 to 36 months. The content of the communications, however, will not be retained.
The European parliament on Tuesday rejected the proposal, partly on grounds it could be illegal.
"There are sizable doubts on the choice of the legal basis and the proportionality of the measures. It is also possible that the proposal contravenes Article 8 of the European Convention on Human Rights," the report from the parliamentary committee on Civil Liberties, Justice and Home Affairs (LIBE) says.
The committee also criticised the proposal because the data would be difficult to analyse and criminals could find a way around it.
"Given the volume of data to be retained, particularly internet data, it is unlikely that an appropriate analysis of the data will be at all possible," the report says. "Individuals involved in organised crime and terrorism will easily find a way to prevent their data being traced."
The amount of data collected would be 20,000 to 40,000 terabytes or "equivalent to 10 stacks of files each reaching from Earth to the Moon", the report said, and the cost to each affected company would be €180m per year.
In spite of this rejection, though, Luxembourg minister Nicolas Schmit said on Tuesday the Council of Ministers will stand by the proposal, which has now been referred back to the parliamentary civil liberties committee.
The European Commission is also getting involved. It has said it will introduce a new proposal for communications data retention with a different legal basis by the summer.
Regardless of the European legislation, in the UK communication service providers already retain data on customers' phone calls, emails and web behaviour for one year, thanks to the Regulation of Investigatory Powers Act (RIPA).