UK ISPs forced to keep customer data by EU

From this Sunday, internet service providers (ISPs) will be forced to store data from their customers for up to one year under the EU Data Retention Directive.

This data will include names, dates of birth, billing addresses and credit card information, in addition to IP addresses and session data.

The directive will represent a move from the current voluntary scheme that ISPs have with law enforcement, to one that meets minimum requirements across the EU.

Supporters claim that the directive is necessary as police, security and intelligence agencies all rely heavily on communications data to carry out their law enforcement and public safety functions efficiently.

It's believed that data will be available to support long running investigations such as terrorism, and will help build stronger prosecution cases.

However, opponents have criticised the proposals due to reasons like the cost of the operation - estimated at 46 million over a four year period - and low confidence about businesses' handling of data security.

Jamie Cowper of encryption firm PGP Corporation said that ISPs needed to take their obligations seriously.

He said in a statement: "If privacy violation is to be avoided, and the huge cost of the operation is to be justified, then the security of public's data must be watertight."