Details of user e-mails, website visits and net phone calls will be stored by internet service providers (ISPs) from Monday under an EU directive.
The plans were drawn up in the wake of the London bombings in 2005.
ISPs and telecoms firms have resisted the proposals while some countries in the EU are contesting the directive.
Jim Killock, executive director of the Open Rights Group, said it was a “crazy directive” with potentially dangerous repercussions for citizens.
All ISPs in the European Union will have to store the records for a year. An EU directive which requires telecoms firms to hold on to telephone records for 12 months is already in force.
The data stored does not include the content of e-mails and websites, nor a recording of a net phone call, but is used to determine connections between individuals.
Authorities can get access to the stored records with a warrant.
Governments across the EU have now started to implement the directive into their own national legislation.
The UK Home Office, responsible for matters of policing and national security, said the measure had “effective safeguards” in place.
ISPs across Europe have complained about the extra costs involved in maintaining the records. The UK government has agreed to reimburse ISPs for the cost of retaining the data.
Mr Killock said the directive was passed only by “stretching the law”.
The EU passed it by “saying it was a commercial matter and not a police matter”, he explained.
“Because of that they got it through on a simple vote, rather than needing unanimity, which is required for policing matters,” he said.
Sense of shock
He added: “It was introduced in the wake of the London bombings when there was a sense of shock in Europe. It was used to push people in a particular direction.”
Sweden has decided to ignore the directive completely while there is a challenge going through the German courts at present.
“Hopefully, we can see some sort of challenge to this directive,” said Mr Killock.
Isabella Sankey, Policy Director at Liberty, said the directive formalised what had already been taking place under voluntary arrangement for years.
“The problem is that this regime allows not just police to access this information but hundreds of other public bodies.”
In a statement, the Home Office said it was implementing the directive because it was the government’s priority to “protect public safety and national security”.
It added: “Communications data is the where and when of the communication and plays a vital part in a wide range of criminal investigations and prevention of terrorist attacks, as well as contributing to public safety more generally.
“Without communications data resolving crimes such as the Rhys Jones murder would be very difficult if not impossible.
“Access to communications data is governed by the Regulation of Investigatory Powers Act 2000 (Ripa) which ensures that effective safeguards are in place and that the data can only be accessed when it is necessary and proportionate to do so.”