Sweden will not put into effect the EU Data Retention Directive for at least a year, after a vote in the parliament on Wednesday postponed the implementation of the directive.
Approval of the directive would have made it mandatory for operators to store user data.
The directive requires information about who communicates with whom via telephone and the Internet to be stored by operators and then made available to law enforcement authorities. The Swedish implementation of the directive would require data to be stored for six months, which is the minimum period allowed by the EU rules.
However, the Left Party, the Green Party and the Swedish Democrats managed to postpone the implementation of the new measures by using a provision in the constitution where a sixth of the votes in parliament can postpone a decision for at least a year.
"The parliament's decision is a victory, albeit a temporary one, for all who are fighting for an open society where individual freedoms are respected," said Jens Holm, member of parliament for the Left Party, in a statement.
The Green Party and the Left Party think that the directive, with its requirement for mass surveillance, restricts basic rights and freedoms. It is also an ineffective way to fight major crime, according to the Left Party. It is now calling for the Swedish government to work on an EU level to have the directive overturned or renegotiated, said Maria Ferm, member of parliament for the Green Party.
Today, most operators will only save data for a very limited time, if at all, the Swedish police said in a statement. That is totally unacceptable and has led to Sweden emerging as a safe haven for those who want to commit crimes via the Internet, according to the police.
For example, operator Tele2 only saves data long enough to secure billing and check for spam, phishing scams or denial of service attacks, according to a spokeswoman.
The European Commission - the EU's executive branch - is now expected to go court to determine the fine Sweden has to pay for not implementing the directive, according to Ulrika Karlsson, member of parliament for the Moderate Party, who voted to implement the directive.
The EU Data Retention Directive is currently under review by the commission, a process that has not been going well, according to Joe McNamee, advocacy coordinator at European Digital Rights (EDRi).
"The commission was legally obliged to provide an implementation report on the directive by September last year," said McNamee.
The goal of the report is to assess what is happening with the directive in countries where it has been implemented, including how it's working on the ground, according to McNamee. However, the commission has been struggling to get enough data from the member states for a thorough assessment, he said.
The review of the data retention directive is ongoing and the report is expected to be ready in April, according to a spokesman for commissioner Cecilia Malmström, who is responsible for Home Affairs. On her website, Malmström states that she will work for "strong respect for privacy, personal integrity and data protection, ensuring that all actions - including data collection and data sharing - in the fight against organised crime and terrorism are proportional and justified".
EDRi's McNamee said: "They are either going to produce something indefensibly and embarrassingly weak or they are going back to the drawing board."