The European Union has argued that telecom companies must hold on to internet and phone records for long periods to help track down evildoers, but the European Court of Justice disagrees -- vehemently. It just ruled that the EU's Data Retention Directive, which preserves metadata for up to two years, is a "wide-ranging and particularly serious" violation of the EU's privacy rights. It collects more information than necessary, doesn't establish firm limits and lets companies send data outside of the EU, according to the ruling. While the Directive doesn't scoop up actual content, the court believes that the unrestricted collection allows too much insight into people's daily activities and social connections. Sound familiar? It should. The ruling acknowledges the privacy concerns that prompted the US' proposed metadata reforms, but goes one step further -- the court is contending that bulk data retention by itself is dangerous without serious restrictions.