Travellers flying into the US from Europe will have their personal data collected by the airline and kept on record by the US Department of Homeland Security (DHS) until 2022.
The European Commission's latest deal with the US over data usage allows the DHS to keep passenger name record (PNR) data for seven years in an active database and then another eight years in 'non-operational' storage.
The data could include political opinions, religious or philosophical beliefs, trade union membership and sexual orientation.
Information will be used only for preventing terrorism and "other serious offences that are transnational in nature", according to a statement from the Commission.
But it will be accessible by any US law enforcement agency in pursuit of "serious crimes".
The agreement has been accompanied by an Exchange of Letters wherein the DHS sets out to the Commission how the data will be handled.
However, procedures for monitoring the agreement to ensure that the US is not misusing the data will not be proposed by the Commission until October.
"I can't see any valid reason why [DHS] would need to retain PNR data for that length of time," said Graham Titherington, principal analyst at Ovum. "But the primary concern is not the length of time but that the data is being exchanged at all."
"This information will be hacked; it will leak at some point," Titherington warned.
PNR is the generic name given to the files created by airlines for each journey a passenger books. It can comprise up to 60 fields and subfields. The DHS can obtain up to 19 of these fields, although in practice it is considerably fewer.
The agreement "pays particular attention to the need to fully respect citizens' fundamental rights and freedoms as laid down in Article 6 (2) of the Treaty on the European Union, notably the right to privacy, the need to ensure legal certainty and the protection of public security", said the Commission in a statement.
Under Article 6 (2) certain data is deemed 'sensitive', such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information about the health or sex life of the individual.
The DHS has said that it will filter out and not use such data where it is present.
The requirement for airlines to transmit PNR data to the DHS on in-bound US flights was introduced in the US Aviation and Transportation Security Act of 2001, rushed into legislation on 19 November in the wake of 9/11.
The EU and the US signed an agreement over PNR data in May 2004, but it was deemed illegal by the European Court of Justice two years later.
An interim agreement was struck in October 2006 but this expires on 31 July 2007. The new agreement will be valid for seven years.