The Global Business Travel Association (GBTA) has submitted a letter opposing stringent US data collection entry requirements that it claims threaten compliance with international personal data protection laws.
The recently approved entry requirement states that business travellers, visa travellers, and now visa-exempt travellers, may be asked to provide access to their social media accounts, phone numbers, email addresses, expanded family details and biometric data.
In a letter, from GBTA CEO, Suzanne Neufang, to the US Customs and Border Protection Office, the association explained that the requirement might not comply with different international data protection laws, such as the European Union mandates on strict limits for personal data collection, transparency and cross‑border data safeguards.
“To achieve security objectives while respecting international privacy standards, the US Customs and Border Protection should adopt a balanced approach that limits data collection to fields with demonstrable security utility and avoids unnecessary requirements such as social media and biometric data unless narrowly justified,” said Neufang.
She also cited the GBTA’s 2025 annual member survey results, which found that the new data requirements caused concern among business travellers and their agents.
