The Information Commissioner's Office (ICO) has expressed concerns over the collection of communications data proposed in the government's interception modernisation programme.
Communications service providers (CSPs) are already compelled to retain communications data that can be examined by authorities for a period of 12 months.
But while the government has abandoned plans for a database of all internet communications, it is currently consulting on plans to force CSPs to collect more information on internet activity and process it for authorities to examine.
In a response to the consultation, the ICO said the government has not yet made a good enough case for the routine collection and retention of further communications data covering the entire population.
"The ICO recognises the value that communications data has for the prevention and detection of crime and the prosecution of offenders. However, this in itself is not justification enough for mandating the collection of all possible communications data on all subscribers by all CSPs," says the ICO response document.
The ICO said the government does not appear to have fully investigated other options that may exist between the two extremes of a single, centralised database of all communications data and doing nothing.
The privacy watchdog is concerned that current safeguards are not adequate to deal with the further collection and processing of communications data by CSPs to ensure they are doing it properly.
The response emphasises that there is a danger CSPs could use the information for their own purposes in the course of collecting it for the government.
Last month a report by academics at the London School of Economics concluded that the government's data collection proposals represented a "phase change" in the relationship between the citizen and the state, and would place an undue burden on CSPs.
An MPs' all-party privacy group is also examining the government's proposals and met for the first time earlier this month.