The United States has proposed a sweeping new rule that would require all visitors – including those from visa-free countries such as the UK, Australia, Japan, Germany, France and others – to submit five years of their social media history before entering the country.
The plan, announced by U.S. Customs and Border Protection (CBP) under the Department of Homeland Security (DHS), aims to tighten security and improve identity checks.
Critics warn it risks privacy violations, could harm tourism, and might chill free expression worldwide. The proposal is open for a 60-day public comment period before potential implementation.
The U.S. government has signalled a significant shift in its travel vetting system with a draft regulation that would require millions of foreign visitors to share details of their online lives.
Under the proposal, travellers from the 42 countries currently eligible for the Visa Waiver Program (VWP) would have to provide a comprehensive record of social media identifiers dating back five years.
These details would be submitted as part of the Electronic System for Travel Authorization (ESTA), which travellers must complete before boarding flights to the U.S. The current ESTA process requires basic biographical information, passport details, and responses to standard security questions. Social media disclosure, although previously encouraged, remained optional.
The new rule would make it mandatory, aligning visa-free travellers with the screening already imposed on student, work, and immigrant visa applicants since 2019.
U.S. Customs and Border Protection argued the rule is necessary to “keep pace with evolving threats” and ensure all travellers are evaluated “with consistent, high-value data.” Officials say social media accounts can reveal identity inconsistencies, extremist affiliations, or potential criminal patterns that may not surface through traditional checks.
Beyond social media identifiers, the proposal outlines additional expanded data requirements. Visitors may be required to provide:
● Phone numbers used in the past five years
● Email addresses from the past ten years
● Family-member details, including names, birth dates and home addresses
● Enhanced biometric data, such as facial recognition, fingerprints, iris scans or DNA profiles, when technologically feasible
● A mandatory submission through a new mobile app, replacing the existing ESTA website
Critics argue these measures represent one of the broadest digital data collection efforts ever targeted at tourists by a democratic nation. Privacy advocates say the language is vague, offering no clarity on how the data will be stored, who can access it, or how long it will remain in government archives.
Immigration lawyers warn the requirement could lead to misinterpretation or mischaracterisation of innocent online behaviour, particularly in cases where humour, satire, political criticism or cultural expressions are poorly understood by screening officers.
Civil liberties groups also fear the rule could disproportionately affect people from communities or professions where pseudonyms, shared accounts, or privacy measures are common.
