Following claims from civil liberties group Statewatch last month that the European Union was planning to force ISPs in member states to hold onto customer data, European Data Protection Commissioners have now expressed doubts over the legality of any such plans.

At a conference in Cardiff last week the Commissioners discussed the proposals to make holding data on all kinds of telecommunications, such as details about time, place and numbers used for phone, fax, emails and internet use, mandatory for up to a year.

In a Statement the Commissioners said they had "grave doubts as to the legitimacy and legality of such broad measures".

They identified several problems associated with forcing telcos to hold such data including the high cost of such data retention, which would surely fall on the consumer in the long run. But the key worry was the invasion of personal privacy occasioned by the holding of such intimate data regarding customers use of the phone, fax, email and the web.

In their statement, the Commissioners said: "such [data] retention would be an improper invasion of the fundamental rights guaranteed to individuals by… the European Convention of Human Rights."

This European statement on data retention comes at an appropriate moment for the UK government, which is currently struggling with the problem. Under the terms of the December 2001 Anti-Terrorism Crime and Security Act, telcos are asked to hold data on a voluntary basis. But this scheme has not been a success, so the government has been considering making holding such data compulsory for an unspecified period of time, although as yet nothing has been decided.