The EU has given the final thumbs-up to a controversial data retention directive.
The legislation, which the EU says is necessary to help fight terrorism and organised crime, was passed by justice ministers in Brussels on Tuesday. ISPs and fixed-line and mobile operators will now be forced to keep details of their customers' communications for up to two years.
Information including the date, destination and duration of communications will be stored and made available to law enforcement authorities for between six and 24 months, although the content of such communications will not be recorded. Service providers will have to bear the costs of the storage themselves.
EU countries will now have until August 2007 to implement the directive, which was initially proposed after the Madrid train bombings in 2004.
While some member states had recommended data be stored for longer periods, the new legislation has drawn fire from privacy advocates who believe the directive is a threat to individuals' human rights.
A coalition of civil liberties groups including Privacy International recently criticised the directive in an open letter to the EU.
The letter said: "Adopting this directive would cause an irreversible shift in civil liberties within the European Union. It will adversely affect consumer rights throughout Europe. And it will generate an unprecedented obstacle to the global competitiveness of European industry."