Callback
Contact
+1 786 233 6668
Greg Lindsay is a non-resident senior fellow at the Atlantic Council’s Scowcroft Center for Strategy and Security’s GeoStrategy Initiative and at Arizona State University’s Threatcasting Lab.
The views expressed in this essay are those of the author and do not imply or reflect the views of any of the organizations with which he is affiliated.
A new US push to collect extensive personal data from travelers — specifically those who currently enter under the Visa Waiver Program (VWP) using only an Electronic System for Travel Authorization (ESTA) — could end visa-free entry in all but name. Set against efforts to centralize government data and expand surveillance, the shift may broaden screening beyond security while raising uneasy questions about how such information might later be accessed or shared, including with governments whose political priorities diverge from long-standing democratic norms.
When US Vice President J.D. Vance took the stage at the Munich Security Conference in February 2025, he promptly delivered a ‘wrecking ball’ to transatlantic relations. The greatest threat to Europe, he declared, came not from Russia or China, but “from within” — through migration and, in his view, democratic backsliding. “If you’re running in fear of your own voters,” he admonished the allies present, “there is nothing America can do for you.”
The speech sent shockwaves through the hall, but it was merely a prelude. In the months since Munich, the Trump administration has steadily codified its contempt into policy, culminating this month in a quietly explosive proposal threatening to transform the VWP from a hallmark of democratic solidarity into an instrument of total surveillance.
On December 9th, US Customs and Border Protection (CBP) published a proposal in the Federal Register that would require citizens of 42 allied nations, including Britain, France, Germany, and Japan, to submit five years of social media history, a decade of email addresses, telephone numbers, IP addresses, and detailed information about parents, spouses, siblings, and children, including their dates and places of birth. Biometric data would include facial recognition, fingerprints, and DNA — all of which could be retained for as long as 75 years.
For holders of European passports long accustomed to near-frictionless entry, the implications extend beyond inconvenience. This is data that could be used for real-time ideological screening, shared with sympathetic foreign governments, and weaponized against travelers whose views run afoul of Washington’s current occupants. The current US ESTA requires little more than the applicant’s name, home address, email address, phone number, and a USD 40 fee. While social media disclosure has been optional since 2016, now the absence of such disclosure may become grounds for suspicion.
This proposal did not emerge in a vacuum. Since its publication — which started the clock on a pro forma 60-day notice and request for public comments — the Trump administration has swiftly expanded its travel-and-immigration ban from 19 to 39 countries, suspended the green card lottery, canceled and rescheduled H-1B and H-4 visa appointments to allow more time for social media vetting, and reportedly plans to ramp up efforts to strip naturalized Americans of their citizenship. Well before that, there had been reports of CBP agents turning away European visitors at the border for social media posts critical of the president or expressing solidarity with Palestinians. Not content with this soft ban on dissent, the US State Department promptly sanctioned former European Union commissioner Thierry Breton and several activists fighting online hate speech for their efforts to rein in US social media platforms.
All of this suggests a redoubled effort to systematize what had previously been an ad hoc effort to target travelers on the basis of their origins and beliefs rather than potential security threats.
What should concern Europeans the most, however, is not the data collection itself but its intended destination(s). From the outset, the Trump administration has pursued an aggressive campaign to literally rewire the federal government in accordance with its ‘unitary executive theory’. To that end, Elon Musk’s short-lived Department of Government Efficiency (DOGE) dispatched staffers to critical departments early on in a stealthy effort to unify various databases into a single IT infrastructure. In March 2025, President Trump issued an executive order explicitly demanding the same, and less than a month later, Wired and other news outlets reported that DOGE had recently staged a ‘hackathon’ at the Internal Revenue Service to prototype a single interface overlaying all taxpayer data.
The contractor subsequently hired to build this system is the data analytics firm Palantir Technologies Inc., co-founded by billionaire and Vance benefactor Peter Thiel. The company already provides US Immigration and Customs Enforcement with its ‘ImmigrationOS’ platform for identification and deportation operations, and reporting has revealed how the firm joins various datasets in pursuit of these efforts.
Noah Kunin, the co-founder and former infrastructure director of the now-shuttered federal technology agency 18F, has warned these initiatives aim at something far more comprehensive than government efficiency. He somewhat conspiratorially dubbed this ‘the Crown’ — a unified surveillance apparatus enabling unprecedented executive authority over not just arms of the government but individual citizens. The idea has antecedents, including the Total Information Awareness program abandoned after post-9/11 outcry and the National Security Agency’s XKEYSCORE software described by the whistleblower Edward Snowden. What distinguishes the present moment is both the technology available and the political will to deploy it.
There is another dimension worth considering. In a recent report I co-authored for the US Secret Service on ‘microtargeting’, we introduced the concept of ‘transitive data’ — the phenomenon by which joining multiple datasets produces relationships that are not just quantitatively more but qualitatively different. Properties become ‘entangled’, with one dataset influencing another despite no apparent connection. We identified this as a vulnerability for threat actors targeting the United States. But it is not beyond the realm of possibility that the Trump administration will deploy similar techniques itself, using social media histories not as static records but as inputs for real-time sentiment analysis and location tracking of visitors deemed ideologically suspect to the White House — and its present-and-future allies.
For Europeans, and any other formerly allied nations within Trump’s crosshairs, the implications are stark. The data collected under this proposal — which would be legally challenged under GDPR if any EU government sought it — would allow algorithmic screening not only for security threats but also for ideological fit. In an administration that has openly expressed sympathy for Europe’s far-right parties, from Viktor Orbán’s Hungary to Germany’s far-right-wing AfD, and has hinted at a willingness to interfere in erstwhile allies’ domestic politics, the question becomes: to whom might such data eventually be transmitted?
Whatever the proposal’s fate, it signals something more permanent: the end of an era in which the passport of a wealthy allied nation guaranteed frictionless entry into the United States. The Visa Waiver Program was born in 1986 as an expression of Cold War solidarity. Its transformation into an instrument of ideological vetting may prove its epitaph.
Henley & Partners assists international clients in obtaining residence and citizenship under the respective programs. Contact us to arrange an initial private consultation.
