Irish citizens planning short-term trips to the United States may soon face the most intrusive pre-departure vetting since the Visa Waiver Program (VWP) was created in 1986. A draft rule published by U.S. Customs and Border Protection (CBP) on 11 December would make it compulsory for Electronic System for Travel Authorization (ESTA) applicants to list every social-media handle used in the past five years and provide expanded biographical, contact and biometric data. The rule – which is open for 60 days of public comment – follows a January 2025 executive order on tightening national-security screening and would apply to all 40 VWP countries, including Ireland.
Under the proposal, Irish travellers would also have to supply telephone numbers used in the past five years, e-mail addresses from the past decade, IP addresses linked to recent online activity, and detailed information about parents, spouses, siblings and children. CBP is considering scrapping the ESTA website entirely and funnelling the roughly 14 million annual applicants through its mobile app, which would harvest facial images, fingerprints, DNA and iris-scan data. Fees have already doubled this year—from US$21 to US$40—adding a financial hurdle to the additional privacy burden.
VisaHQ, an online visa and travel-document consultancy, can help Irish individuals and companies navigate these looming requirements. Through its Ireland portal (https://www.visahq.com/ireland/), the service offers real-time updates on U.S. entry rules, step-by-step application guidance and dedicated customer support, streamlining both ESTA submissions and alternative B-1/B-2 visa filings to minimise delays and compliance risks.
![U.S. proposal could force Irish ESTA travellers to hand over five-years of social-media history]()
For Irish corporates, the change would complicate routine U.S. business travel. Companies will need to update employee travel policies, train staff on the new disclosure requirements and factor in longer lead-times for authorisation. Data-protection officers must also assess whether submitting social-media credentials violates EU General Data Protection Regulation (GDPR) principles, especially if CBP retains the data for extended periods. Some multinationals are already weighing a shift from the visa-waiver route to the more predictable—but slower and costlier—B-1/B-2 visa process for sensitive travellers.
Privacy advocates on both sides of the Atlantic argue that compulsory social-media disclosure chills free expression and could facilitate algorithmic profiling. Football Supporters Europe, whose Irish members hope to attend the 2026 World Cup in North America, called the measure “profoundly unacceptable” and urged Washington to withdraw it. Legal challenges are likely once the final rule is issued, but experts caution that litigation would not automatically suspend implementation.
Practically, Irish travellers should start auditing their digital footprint well in advance of travel, ensuring consistency between online aliases and passport data, and be prepared for follow-up questions at U.S. pre-clearance in Dublin and Shannon. Employers should track the public-comment process, consider submitting feedback via industry associations, and prepare contingency plans—including alternative destinations or remote meetings—if approvals become unpredictable in 2026.
Under the proposal, Irish travellers would also have to supply telephone numbers used in the past five years, e-mail addresses from the past decade, IP addresses linked to recent online activity, and detailed information about parents, spouses, siblings and children. CBP is considering scrapping the ESTA website entirely and funnelling the roughly 14 million annual applicants through its mobile app, which would harvest facial images, fingerprints, DNA and iris-scan data. Fees have already doubled this year—from US$21 to US$40—adding a financial hurdle to the additional privacy burden.
VisaHQ, an online visa and travel-document consultancy, can help Irish individuals and companies navigate these looming requirements. Through its Ireland portal (https://www.visahq.com/ireland/), the service offers real-time updates on U.S. entry rules, step-by-step application guidance and dedicated customer support, streamlining both ESTA submissions and alternative B-1/B-2 visa filings to minimise delays and compliance risks.
For Irish corporates, the change would complicate routine U.S. business travel. Companies will need to update employee travel policies, train staff on the new disclosure requirements and factor in longer lead-times for authorisation. Data-protection officers must also assess whether submitting social-media credentials violates EU General Data Protection Regulation (GDPR) principles, especially if CBP retains the data for extended periods. Some multinationals are already weighing a shift from the visa-waiver route to the more predictable—but slower and costlier—B-1/B-2 visa process for sensitive travellers.
Privacy advocates on both sides of the Atlantic argue that compulsory social-media disclosure chills free expression and could facilitate algorithmic profiling. Football Supporters Europe, whose Irish members hope to attend the 2026 World Cup in North America, called the measure “profoundly unacceptable” and urged Washington to withdraw it. Legal challenges are likely once the final rule is issued, but experts caution that litigation would not automatically suspend implementation.
Practically, Irish travellers should start auditing their digital footprint well in advance of travel, ensuring consistency between online aliases and passport data, and be prepared for follow-up questions at U.S. pre-clearance in Dublin and Shannon. Employers should track the public-comment process, consider submitting feedback via industry associations, and prepare contingency plans—including alternative destinations or remote meetings—if approvals become unpredictable in 2026.
