The European Parliament has rejected the UK's plan to require communications providers to retain rather loosely-defined user and traffic data for a minimum of a year, and possibly indefinitely.

The Draft Framework Agreement was put forward by the UK, with the backing of France, Sweden and Ireland, in the wake of the Madrid bombings. It was argued that the powers the bill contained were needed to help law enforcement agencies protect Europe from terrorism.

However, by proposing the legislation as a Draft Framework Agreement rather than asking the Commission to draft a Directive, the four countries were effectively bypassing the parliament, something which put MEPs' noses out of joint.

A statement on the parliament's website reads: "MEPs welcomed instead an alternative proposal on data retention launched by the Commission last week, in which the Parliament will have codecision power to ensure that MEPs' demands are respected."

The Commission proposal puts an upper limit on the time data must be stored: one year for telecoms data and six months in the case of internet information. It also proposes that communications companies are compensated for the additional costs they will incur, complying with the new laws.

Yesterday, the official in charge of data protection in the EU said he was still not convinced of the necessity of the proposals put forward in the directive, and said further safeguards were needed to protect citizens' privacy. ®