The European Parliament's Civil Liberties Committee has partially closed the door on laws requiring all data traffic records to be retained for a number of years by service providers.
The Committee supported Italian MEP Marco Cappato's proposal for "a strict regulation of law enforcement agencies' access to personal data of citizens, such as communication traffic and location data".
Brussels has been split by the privacy versus law enforcement issue, with the European Commission at loggerheads with the EU Council of Ministers.
The Commission is opposed to any changes to the status quo, which allows records to be kept only for billing purposes, while the Council of Ministers is ready to support the claims of law enforcement authorities that the retention of records is necessary to fight cybercrime.
A statement issued by Cappato said: "This decision is fundamental because, in this way, the European Parliament blocks EU States' efforts underway in the Council to put their citizens under generalised and pervasive surveillance."
Cappato's proposal allows EU countries to introduce laws that let law enforcement authorities look at data records only in "entirely exceptional" circumstances, and that "any form of wide-scale general or exploratory electronic surveillance is prohibited".
Critics say that it is unclear what these "entirely exceptional" circumstances will be, and how individual cases will be interpreted in the context of blanket data retention.
EE, O2, Vodafone, Three and Airspan open the bidding
Worried about data privacy? Here are several ways to secure your Facebook account
The ICO is seeking an urgent warrant to investigate a major data breach - everything you need to know as the story continues to unfold