The legislation, which the EU says is necessary to help fight terrorism and organized crime, was passed by justice ministers in Brussels on Tuesday. Internet service providers and fixed-line and mobile operators will now beof their customers' communications for up to two years.
Information including the date, destination and duration of communications will be stored and made available to law enforcement authorities for between six and 24 months, although the content of such communications will not be recorded. Service providers will have to bear the costs of the storage themselves.
EU countries will now have until August 2007 to implement the directive, which was initially proposed after the Madrid train bombings in 2004.
While some member states had recommended data be stored for longer periods, the new legislation has drawn fire from privacy advocates who believe the directive is a threat to human rights.
A coalition of civil liberties groups, including Privacy International, recently criticized the directive in an open letter to the EU.
"Adopting this directive would cause an irreversible shift in civil liberties within the European Union," the letter said. "It will adversely affect consumer rights throughout Europe. And it will generate an unprecedented obstacle to the global competitiveness of European industry."
Jo Best of Silicon.com reported from London.