The European Parliament finally reached a decision today regarding data retention and spam email after four months of disagreement between parliamentary members.

Under the Electronic Communications Data Protection Directive, member states will only be able to 'lift the protection of data privacy' when conducting criminal investigations or as a safeguard to national security and when it is a "necessary, appropriate and proportionate measure within a democratic society".

"We are pleased with this decision and hope it will offer reassurance to people that their data will be held safely," said a European Parliament spokesman.

But a controversial clause in the Directive will allow member states to force ISPs and telecom operators to retain data on all customers for years, rather than the one or two-month period campaigners were lobbying for.

Although this information is meant to be used for billing purposes, privacy campaigners are concerned the information may be passed on to third parties. For instance, it could be accessed and studied by police searching for evidence of suspicious activity, rather than being looked at on a case-by-case basis as it is now.

The European Parliament admitted this clause was included as a compromise between all groups involved.

Joe McNamee, European affairs manager for the Association of European ISPs, EuroISPA, said this decision was "unfortunate".

The Global Liberty Internet, an international coalition of non-governmental organisations from 15 countries, said the clause "let down the whole Directive".

The second important decision the European Parliament reached today concerned spam email. Internet users will now have to opt in to receive unsolicited email, which effectively means they will have to give companies permission to send them marketing mail.

But things aren't quite that clear cut. The so-called soft opt-in means companies with existing business relationships with customers will be able to operate an opt-out system.

As long as the company is marketing a similar product to the one the client has already purchased, they will automatically receive emails unless they opt out or object to receiving them.

ISPs will now also have to take responsibility for filtering out unwanted spam messages.

"Reducing the amount of junk mail ISP's customers receive will be a real tangible value-add in terms of the service they are able to offer," said Francois Lavante, vice-president of anti-spam software firm Brightmail.

But campaigners have highlighted the limitations of this legislation. Around 90 percent of junk mail originates from outside the EU and this will not be covered by the legislation.

"Current legislation, opt in or opt out, will only solve 10 percent of the problem," said Lavante. "A combination of legislation and a technological solution will work towards addressing the other 90 percent of unsolicited communications that Europeans receive."

Finally, the European Parliament insisted the Directive be re-evaluated within three years of application.