ESTA Visa Waiver Data Privacy

Published: Sep 28, 2015, Updated: Oct 15, 2022 | Tags: ESTA, Visa Waiver Program, ESTA Data Privacy

Who has access to the data shared with ESTA and how is it protected?

The information to the ESTA submitted by applicants can only be accessed by those who are required to deal with it. All data is strictly controlled and the standards of security are privy to the industry standards found in similar screening programs for travellers.

Is any ESTA data shared with third-parties?

Data is not shared frivolously and remains within rules set out by the Privacy Act System of Records Notice and these regulations can be found on the DHS website. There are a few instances where data may be shared outside of the ESTA framework. Those instances include:

• The sharing of information with different sectors of the DHS. This sharing is selective and compartmentalized so that the information and the information may only be used if the use is in correlation to the sector’s duty.
• Consular offices of Department of State. This sharing is in the aftermath of a travel authorization denial and is for the specific purpose of helping the officers make a decision regarding the visa based on the information that is supplied.
• Sharing of relevant information with recognized and proper federal, state, local, tribal and foreign governmental agencies. As well as other joint government institutes.
• "Information may be shared with appropriate federal, state, local, tribal, and foreign governmental agencies or multilateral governmental organizations responsible for investigating or prosecuting the violations of, or for enforcing or implementing, a statute, rule, regulation, order or license, or where DHS believes information would assist enforcement of civil or criminal laws."
• Sharing of information can be determined by the DHS is they find that the sharing of the information can be directly beneficial for anti-terrorist motions, or if it is used for compiling information related to national and/or international security felony.

The carriers only have access to your status. They receive no personal information other than that directly pertaining to the travel authorization.

How long will my data be stored on the ESTA platform?

Generally the information remains active for as long as your travel authorization is active, which is a period of two years. This can be shorter if your travel authorization expires sooner than expected for any reason, for example, your passport expires before the official expiry date of your travel authorization, whereby your TA will automatically expire along with your passport.

After your Travel authorization has expired, the DHS will hold onto the data for a further year.

After this period, your information will then be archived for a further twelve years.

Data being used for the following reasons will be kept for the span of the activities they are in use for:

• Data still actively being used or linking to law enforcement activities
• CPB Data linked and matched to Investigations this is inclusive of denied applications.

Why is my data archived and who has access to it?

All data is archived after expiry of the travel authorization. This is to ensure the availability of the information so that it can be recovered should it be needed for national security, investigation, and other related law enforcement purposes.

There is limited access to the data after it has been archived and it will be recalled only for the purposes mentioned above.