A senior advisor to the European Court of Justice has released a statement which says the retention of personal data is lawful under the condition it is used to fight serious crime and does not infringe on an individual’s privacy rights.

The ruling could force telcos in the EU to retain customer communications data for as long as it is strictly necessary to fight serious crime, assuming it doesn’t infringe an individual’s right to privacy. The type of data which can be stored include the date, time and duration of calls, and the source and destination of calls, but not the content of the conversation itself. Although this is only a preliminary ruling from a senior advisor to the court, traditionally the court itself has followed suite.

The argument on how much access government agencies have to personal data has been on-going since technology has allowed data to be collected, though Edward Snowden’s actions in 2013 brought the saga into the public eye. Since that point, numerous data laws throughout Europe have been questioned and the European Commission’s own Data Retention Directive was ruled invalid in 2014 in response to a case brought by Digital Rights Ireland against the Irish authorities.

In a statement released by Advocate General Saugmandsgaard Øe, he outlined various conditions in which the retention of data would be deemed lawful. Firstly, the government in question must have legislation or regulation in place which details the “characteristics of accessibility, foreseeability and adequate protection against arbitrary interference”. Secondly, the actions must respect an individual’s right to privacy. Thirdly, the article states the retention of this data must be proportionate to its purpose, though what this specifically means is unclear.

Finally, the actions must be in relation to serious crime. The statement reads; “solely the fight against serious crime is an objective in the general interest that is capable of justifying a general obligation to retain data, whereas combating ordinary offences and the smooth conduct of proceedings other than criminal proceedings are not.”

While the Advocate General has made an attempt to satisfy the argument of how much access government bodies should have to personal data by providing a middle ground, the statement itself is relatively vague, and in turn leaves areas open to interpretation for governments to dictate their own legislation. Although the European Court of Justice has made an effort to provide guidelines, may have added wood to the fire, allowing the debate to continue.

“The opinion of Advocate General Henrik Saugmandsgaard Øe on the data retention laws in the United Kingdom and Sweden doesn’t provide concrete answers in the legal case on blanket data retention provisions in EU member states,” said MEP Jan Philipp Albrecht. “The advocate general leaves it open to his own judges or the national courts to make their own assessment in the individual cases on the basis of the requirements set out by the Court of Justice in the DRI judgement from March 2014.

“While naming the various high requirements as minimum standards and making clear that even if meeting those data retention laws may still be un-proportionate he fails to deliver clear indications weather and when these requirements would not be met by a member states’ law. We can only hope that the judges of the Court will not allow themselves to be that vague when interpreting the EU fundamental rights vis-à-vis member states’ laws.”

The guidelines could have an impact on the UK after House of Commons recently voted in favour of the Investigatory Powers Bill, nicknamed the Snooper’s Charter by critics. The bill which gives UK intelligence agencies greater power to examine browsing histories and hack phones, has been championed by now-Prime Minister Theresa May, which could in turn see the bill pushed to law faster than previously assumed following her ascension to Number 10.