Tue Mar 17, 2009 14:02
ISPs will be forced to store data on their customers for up to one year under the EU Data Retention Directive, which comes into force this Sunday.
This data will include names, dates of birth, billing addresses and credit-card information, as well as IP addresses and session data.
The Directive is a shift from the current voluntary scheme that ISPs have with law enforcement, to one that meets minimum requirements across the EU.
Supporters claim the Directive is necessary as police, security and intelligence agencies all rely heavily on communications data to carry out their law enforcement and public safety functions efficiently.
It's believed that data will be available to support long-running investigations into terrorism, and will help build stronger prosecution cases.
However, opponents have criticised the cost - estimated at £46 million over a four-year period - and have voiced concerns over businesses storing such sensitive data.
Jamie Cowper of encryption firm PGP Corporation says that ISPs needed to take their obligations seriously. "If privacy violation is to be avoided, and the huge cost of the operation is to be justified, then the security of public's data must be watertight," he says.