Tourists to US to show off five years of social media history under Trump’s new security plan
Tourists traveling to the United States from visa-waiver countries will be required to disclose five years of social media activity under a new Trump administration proposal that significantly expands digital surveillance of foreign visitors.
The draft rule, issued by U.S. Customs and Border Protection (CBP), would create social media revelation a mandatory part of the Electronic System for Travel Authorization (ESTA) for citizens of 42 countries, including Great Britain, France, Germany, Japan and Australia. Applicants would be asked to list any social media account used in the past five years, in addition to previous phone numbers, email addresses and extensive biometric data.
The CBP notice, which will be published in the Federal Register, said officials would also collect facial images, fingerprints and other identifiers through a revamped app-only ESTA system. The change is intended to implement an executive order in which President Donald Trump directed agencies to ensure that visitors “do not bear a hostile attitude towards [the United States’] citizens, culture, government, institutions or fundamental principles.”
The new requirements build on previous measures. As of 2019, most immigrant and non-immigrant visa applicants worldwide are required to include their social media identifiers on State Department forms. More recently, the government has expanded online presence screening of international students and exchange visitors, with consular guidelines explicitly directing them to disclose all platforms used in the past five years, including inactive accounts. The latest proposal would expand this more intrusive “extreme screening” from higher-risk visa categories to millions of short-stay tourists who previously received relatively light screening.
The travel and tourism industries are warning that the move could have a chilling effect just months before the 2026 World Cup, which the US will co-host with Canada and Mexico. Industry analysts told Skift that the plan adds “a mandatory digital hurdle” for some of the country’s most valuable visitors and risks deterring “high-spending, low-risk” travelers. With FIFA expecting millions of fans to move between North American host cities, any confusion or delay surrounding Esta could spread across airlines, hotels and stadiums.
Civil liberties groups claim the proposal will pressure travelers to clean up their online lives and punish legitimate dissent. Privacy advocates at the American Civil Liberties Union (ACLU) say requiring social media history as a condition of access invites ideological screening and “inevitably encourages self-censorship,” echoing previous ACLU warnings that passwords and messages should not become de facto visa requirements.
The proposal joins a broader wave of frontier technology. This is evident from official CBP statistics search for electronic devices ports of entry have more than quadrupled in the past decade, from about 8,500 in 2015 to more than 46,000 in 2024. Wired recently reported that nearly 15,000 phones and laptops were examined in a single quarter this year, the highest figure ever.
A separate analysis from the Center for Democracy and Technology found that data scraped from devices could be stored in DHS databases for up to 15 years and accessible to thousands of officials. Rights groups warn that combining long-term device data with five years of social media history could create a powerful, opaque surveillance infrastructure with little judicial oversight.
European governments and regulators are also scrutinizing the plan. Outlets in France, Ireland and the United Kingdom have highlighted tensions between the US proposal and European data protection standards, noting that blanket collection of social media identifiers could breach the principles of necessity and proportionality under EU law. Data transfer arrangements between the EU and the US, already vulnerable following previous lawsuits, could be subject to new legal tests if the online identities of European travelers are systematically collected and stored in US systems.
Proponents of the policy within the government see it as a logical extension of existing national security tools. Officials argue that open source intelligence and social media analytics have become central to threat assessments and that it is becoming increasingly difficult to treat citizens of wealthy allies differently from other visitors. A senior homeland security official, speaking to US media, said this was the goal “ensure that the privilege of visa-free travel is reserved for persons who do not pose a threat to security or public order.”
Critics counter that the dragnet is both too broad and ineffective. Security experts warn that sophisticated actors can easily purge or compartmentalize their online presence, while ordinary tourists – students, families and retirees – will bear the brunt of the new bureaucracy. Tourism organizations fear the proposal, combined with rising fares and already aggressive border controls, will further erode the United States’ reputation as an open, welcoming destination.
CBP’s notice triggers a 60-day public comment period, during which civil liberties groups, technology companies, foreign governments and industry associations are expected to weigh in. Legal challenges are considered likely if the rule is finalized in its current form, setting up a high-stakes clash between national security arguments and evolving global norms on privacy and free expression in the digital age.
