On March 1, the French government regulated that Internet companies must keep their users’ data for a year, and make them available to the authorities when subpoenaed. These data include anything used to identify a user and allow her to use a web service, i.e., ID, password, name, email addresses, as well as postal address and phone number when available.

This applies to video and music sharing sites, as well as e-commerce.

More than 20 Internet companies present in France, including Google, Facebook, eBay, Dailymotion, are bringing the case before the State Council, their representative French Association of Internet Community Services (ASIC) said today. They claim that handing over these data sets to the police, customs, tax or social security authorities upon request, is a breach of their customers’ privacy.

It is a difficult balance between privacy and the requirements of security and investigation, especially in the Web. Most people recognize that privacy laws are stronger in Europe than in the US.

But France’s position on privacy has surely been ambiguous. French authorities summoned big corporations for the way they handled sensitive information in the past. Google got fined 100,000 Euros on March 21 because of the private information (including snooping on private Wifi) it collected while gathering data for its panoramic Street View.

It will be interesting to see how the claim unrolls –at least it will force a public debate about privacy and security, and will make people more aware of what they put freely on the Web.