The United States and the European Union have agreed to expand a security program that shares personal data about millions of U.S.-bound airline passengers a year, potentially including information about a person's race, ethnicity, religion and health.
Under the agreement, airlines flying from Europe to the United States are required to provide data related to these matters to U.S. authorities if it exists in their reservation systems. The deal allows Washington to retain and use it only "where the life of a data subject or of others could be imperiled or seriously impaired," such as in a counterterrorism investigation.
According to the deal, the information that can be used in such exceptional circumstances includes "racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership" and data about an individual's health, traveling partners and sexual orientation.
Airlines do not usually gather such data, but officials say it could wind up in passenger files as a result of requests for special services such as wheelchairs, or through routine questioning by airline personnel and travel agents.
The data now stored includes names, addresses and credit card information as well as telephone and e-mail contacts, itineraries, and hotel and rental car reservations.
The deal, signed Thursday by the United States and approved Monday in Europe, provoked alarm from privacy and civil liberties groups. Peter Hustinx, the EU's privacy supervisor, expressed "grave concern."