The U.S. is proposing stricter data-collection requirements for the ESTA visa-waiver application, including social media and other information, but these changes are not yet finalized or in force, and would not apply before 2026 at the earliest.

The United States government is considering a major overhaul of how it collects personal information from foreign visitors, signaling a potential shift in the balance between security and privacy for international travelers. At the heart of the proposal—jointly released by U.S. Customs and Border Protection (CBP) and the Department of Homeland Security (DHS)—is an expansion of the information required from individuals traveling under the Visa Waiver Program (VWP). This program currently allows citizens of designated countries to visit the U.S. for short stays without traditional visas, using instead the Electronic System for Travel Authorization (ESTA). Under the proposed changes, most visitors would be required to provide substantially more detailed personal and digital background information as a prerequisite for entry. The proposal stems from growing concerns among U.S. security agencies that current screening measures—often conducted at points of departure or arrival—are insufficient in an era where potential threats can be identified far earlier in people’s digital footprints. However, the proposal has sparked intense debate over privacy implications, proportionality, and potential impacts on tourism and international travel at large, with advocates and critics alike voicing strong opinions on its long-term effects.

Central to the expanded data collection requirement is the disclosure of extensive digital footprints, particularly social media activity and contact history. Under the new proposal, visitors applying through ESTA may be asked to list all social media platforms they have used over the past five years and to provide identifiers associated with those accounts, such as usernames. The intent behind this requirement is to allow security officials to construct a more complete picture of travelers’ online presence, behavior, and potential connections to people or content flagged as risky. In addition to social media history, applicants might be required to submit as many as ten years’ worth of email addresses and other contact details. The logic put forward by proponents of the policy is that digital behaviors often reveal patterns or associations that traditional screening processes—limited to passport information and brief in-person interviews—cannot detect. This emphasis on pre-travel vetting through digital history represents a paradigmatic shift in border security, moving much of the risk assessment timeline ahead of travel itself.

Beyond digital identifiers, the proposal outlines a broader collection of personal data that significantly exceeds current requirements. Among the data points that could become standard on future ESTA applications are mobile phone numbers, IP addresses, and metadata associated with submitted photos—information that collectively could map a person’s digital behavior with a high degree of granularity. Additionally, the proposal would require detailed information about close family members, including names, dates of birth, and contact information, raising concerns about the privacy of individuals who may not be traveling themselves. One of the most controversial aspects of the proposal is the suggestion that biometric data collection could be expanded in the future. While current border security processes already use facial recognition and fingerprints, the document hints at the possibility of incorporating additional biometric identifiers—potentially including DNA—“when feasible.” There is no defined timeline for such expansions, and government officials have not laid out specific methods for how these advanced biometrics would be collected or stored, leaving many questions unresolved.

Supporters of the expanded data collection argue that the proposal is a necessary modernization of U.S. border security practices in response to evolving global threats. They assert that risks to national security, immigration systems, and economic stability increasingly originate in online networks rather than just physical spaces, and that earlier access to digital data could enable authorities to identify potential issues before they escalate. By reviewing detailed traveler information well before boarding, proponents claim that authorities can reduce reliance on last-minute screening at airports and land borders, which may miss important red flags. To advance the proposal, DHS and CBP have opened a public comment period lasting roughly 60 days, during which individuals, advocacy organizations, and industry stakeholders can submit feedback. Following this period, the government will review comments and decide whether to finalize the rule—a process that could extend into 2026 or beyond, given the scope and potential legal challenges involved.

If adopted, the new data requirements would affect millions of travelers from countries participating in the Visa Waiver Program, including major Western allies and economic partners such as the United Kingdom, most European Union member states, Japan, Australia, and South Korea. Critics of the proposal—particularly civil liberties organizations and digital rights advocacy groups—have voiced strong objections to the breadth and depth of the proposed data collection. One major concern is that online posts and behaviors taken out of context or written years earlier could be misinterpreted, leading to unwarranted scrutiny or travel denials for individuals who pose no actual threat. Critics also argue that mandatory disclosure of extensive social media history could chill free expression, as visitors may self-censor their online activity to avoid possible red flags. Furthermore, substantial concerns exist over data security and the risk that sensitive personal information could be misused or inadequately protected, especially given that the data would be stored even for individuals not suspected of any wrongdoing. Questions also remain about how long the government would retain this information and what safeguards would be in place to prevent misuse by authorities or unauthorized access by bad actors.

Adding to the controversy are plans to modernize the ESTA application process itself, including a shift toward a mobile app that could integrate facial recognition technology and geolocation tools. While CBP describes these changes as efforts to streamline the application process and enhance fraud prevention, critics warn that they could enable even more extensive monitoring of travelers before and during their stay in the United States. Concerns have been raised that the combination of enhanced digital data collection and mobile tracking tools could create a pervasive surveillance environment that extends well beyond traditional border security needs. Supporters of the proposal counter that reviewing publicly available online activity and leveraging modern technology are reasonable and necessary counter-terrorism measures in a digitally interconnected world. Opponents, however, fear that such policies could deter international tourism, prompt retaliatory requirements from other countries, and ignite legal challenges grounded in privacy rights and free speech protections. As the public comment period continues, the proposal remains under consideration rather than finalized, but its potential implications for global travel, personal privacy, and international relations are already generating significant debate.