European data protection authorities have criticised a draft decision by the European Commission which allows US government agencies access to information on European citizens travelling to the US, for inadequate protection of private information.
The US said the data, which includes information about how and where a plane ticket was purchased, is needed to help avert terrorist attacks.
The commission concluded in December that assurances from the US Department of Homeland Security were adequate to ensure citizens' rights to privacy.
The data protection authorities disagreed on several counts at a meeting late last week. Yesterday they urged the commission to tighten up the agreement to prevent US authorities from transferring sensitive information about European citizens, such as their race and religion.
The commission agreed to allow such transfers, as long as the information was deleted and not shared among government agencies. The data protection authoritiess argued that the sensitive data should not be transferred in the first place.
The commission also allowed US authorities to use information about European citizens to test its controversial domestic data research tool called CAPPS II, which has yet to be approved by the US Congress.
The US government has assured the commission that any information about Europeans travelling within the US will not be gathered systematically, but that some such data may be included in tests being carried out at present.
This was unacceptable to the data protection authorities. "The working party recommends the commission to make clear that US authorities shall refrain from using passenger data transmitted from the EU, not only to implement the CAPPS II system, but also to test it," they said.
Commission spokesman Jonathan Todd said comments from the data protection authorities would be taken into account.
Later this month the commission will seek support of its bilateral agreement with the US from member state governments and the European Parliament. Failure to secure support may force the commission to reopen negotiations with the US, a source close to the commission said.
Paul Meller writes for IDG News Service
Read more on IT for government and public sector
UK data exchanges with EU can continue after adequacy decision - but for how long?
MEPs urge European Commission to revise UK adequacy decisions
All EU states can take data protection cases against Facebook, says EU court
Schrems v Facebook: European court strikes down EU-US Privacy Shield agreement