#42 So you want to enter the US? Let's take a look at your social media first!
"Wow! Even China doesn´t do this"
At some point in 2026, if you want to enter the United States of America without a visa, you’ll have to undergo “an evaluation of your behavior and ideology regarding the country, its citizens, its culture, its government, institutions, and principles.”
The novelty affects 42 countries: mainly those in the EU.
It refers only to visa-exempt travelers (study or work visa applicants are already required to provide this kind of info, though not as extensively), and it’s currently a legislative proposal published a week ago, open to public comment for 60 days.
What information will you need to provide?
The new “ESTA” form would require significantly more personal information.
Social media used in the last 5 years: platforms and usernames used (Facebook, Instagram, Twitter/X, TikTok, LinkedIn, etc.)
Phone numbers from the past 5 years.
Email addresses from the past 10 years.
Detailed information about close relatives: full names, birth dates and places, address and other contact data for parents, siblings, spouse, and children.
Additional technical and biometric data: for example, associated IP addresses and metadata from photos submitted with the application, as well as a selfie/facial photo of the applicant. It would also include fingerprinting in advance, and possibly advanced biometrics like DNA or iris scan if technology allows it. (Photos and fingerprints are already collected at customs, but this would shift that to the pre-travel stage.)
Traditional visa forms (like the DS-160 for tourist, student, or work visas) already include questions about the applicant’s current occupation, employer, and employment history, but that’s not the focus of this new measure.
By the way, things have already gotten just as spicy for visa applicants:
What criteria will be used in the evaluation?
From least to most surprising:
Determinants: expressions of support for terrorist or extremist organizations, violent propaganda, illegal plans, or any content suggesting a threat to public safety.
Evidence of criminal activity or lying on the application: For example, if posts reveal involvement in crimes, or if someone claims a certain job or purpose for travel but their social media contradicts it, it could be considered fraud or falsehood, grounds for denial.
Profiles will be reviewed for signs of “dangerous” behaviors or ideologies.
Your history of political activism will be examined.
But... wait a second! “Political activism” is pretty vague… Sources point specifically to content “pro-Hamas” and/or “antisemitic activities.”
These concepts used to be easy to apply... but not so much lately. That’s why they don’t seem ideal for these purposes.
This year we all saw that anyone who dared to say something as obvious as “what the Israeli army (and settlers) have done in Gaza is not unlike the horror the Jewish people suffered during WWII” could publicly be labeled as a Hamas supporter and Adolf Hitler reincarnated at the same time.
So yes: things could get interesting if you want to (or have to, for work or whatever) travel to the USA.
Lastly: the exact criteria won’t be published… “so as not to tip off the bad guys.” Ah! Long live accountability and governance!!
“But I wasn’t serious”, “They don’t get it: my post was ironic…”
Good luck with that: back in 2012 they sent some kids back home for tweeting “we’re going to party in the US, we want to dig up Marilyn Monroe’s corpse” — a nod to the show “Family Guy.”
Remember, this is already done by default to anyone who boards a plane, even if they don’t plan to enter the United States: a London–Palma flight was “escorted” to its regular landing by Spanish fighter jets and a dark-skinned British student —and I point this out because it’s considered a risk factor— ended up in front of the Spanish High National Court (but was acquitted) for tweeting a couple of jokes.
What’s the goal?
Trump summed it up like this: “we want to make sure we don’t let the wrong people into our country.”
But in practice, these vague legal concepts always favor those in power and harm the citizen.
A couple of generations ago, to get a job in Spain you needed a “certificate of good conduct”… from the priest in your hometown. You read that right. What was “good conduct”? Whatever the priest decided, and you were at his mercy.
The legal concept you’re looking for is “arbitrariness” (the priest thing), which should be reduced to —as I always say— the application of transparent, equal rules for all, or at least to equally regulated “discretion.”
It’s worth remembering that when it comes to intrusiveness into private life, both Democratic and Republican governments in the US have historically fared equally poorly: each one inherits and expands on the previous one’s measures.
What if I say I don’t have social media?
It’s worth noting that not having social media is not penalized, but lying about it is: an applicant who claims to have no accounts when they actually do could be rejected for hiding information.
And what if I delete all my posts making fun of the Dorito, calling him Risketto or TACO before traveling?
Remember that in the context of the annulments of “Safe Harbour” and “Privacy Shield,” US intelligence authorities stated —with a straight face— that by passively copying and storing metadata of communications between foreigners (and, of course, posts on public social networks), they were not “processing” personal data.
They claimed they only processed data when they had grounds to “open and read” that content.
So no, that won’t help.
Is there a way to bypass all this?
Of course. Did you doubt it? Dorito man always has a solution.
And it’s always the same one. Whether it’s meant for you is another story.
We’re going on vacation, but we’ll hit you witt a not-so-festive (but fun) post: our take on something trendy during the holidays that we don’t like.
You’re reading ZERO PARTY DATA, the newsletter on current affairs and tech law by Jorge García Herrero and Darío López Rincón.
In the spare time this newsletter leaves us, we enjoy solving tricky situations related to personal data protection and artificial intelligence regulation. If you’ve got one of those, give us a wave. Or contact us by email at jgh(at)jorgegarciaherrero.com.
Thanks for reading Zero Party Data! Sign up!
🗞️News of the Data-world 🌍
.- Paypal steals your data: An expert report reveals numerous violations of data protection regulations at PayPal. The report notes excessive data collection, lack of transparency, and the snatching (a term I just coined) of user consent via all kinds of dark patterns.
.- Fascinating latest post by Lukasz Olejnik, challenging the well-worn narrative that political and social polarization is mostly due to “filter bubbles” and “echo chambers.” According to him, information segmentation matters less than pre-existing biases that predispose users to certain beliefs. The factor he identifies (and even quantifies with a formula) is something I completely buy: people do see value in opposing views but won’t admit it for fear of retaliation from their own group. This convection force is more decisive than the “filter bubble” concept.
In my experience, when you find one of those voices able to annoy multiple opposing tribes at the same time —that is, with some degree of thought— they’re worth tracking.
Additionally, here’s a brilliant two-minute explanation of the same concept from the lens of applied psychology.
.- Paul Krugman is one of the few who still believe in the EU’s economic potential.
📖 High density docs for data junkies ☕️
.- CEDPO publishes a detailed FAQ doc for DPOs on the Data Act. I was intrigued by the exploration of “data sharing” in cloud contexts, with tips to ease the regulatory transition. Also good: “Question 18: Is profiling prohibited under the Data Act?”. The play between Article 22 and point 6.2.b: “notwithstanding Article 22(2)(a) and (c) of Regulation (EU) 2016/679.”
Authors: Thomas Ajoodha, Filippo Bianchini, Lionel CAPEL, Julie Crawford, Paul Jordan, Paul Lambert, Dr. Maria Moloney, Samira Marquaille, Massimiliano Pappalardo, Jeremiah Russell, Dr. Sachiko Scheuing, Henry Simwinga.
.- The results of a massive study with 80,000 UK participants on how AI models can shift political beliefs won’t surprise you. Persuasive power is significant and depends more on fine-tuning and prompt engineering than model size. Outputs crammed with detailed information shift opinions the most —“although they increase the risk of inaccuracies” LOL-sniff-[bursts into tears]. Authors: Kobi Hackenburg, Ben Tappin, Luke Hewitt, Ed Saunders, Sid Black, Hause L., Catherine Fist, Helen Margetts, David Rand, Christopher Summerfield.
.- The German DPA confederation (DSK) publishes a report on the European Commission’s Digital Omnibus proposal to regulate the use of legitimate interest as a legal basis for AI training.
.- The GUIDE to conducting FRIAs (Fundamental Rights Impact Assessments) from the Dutch Institute for Human Rights.
.- Yes, friends, the Spanish AI Agency really messed up (or fixed?) our Christmas: here’s the link to their many guides.
💀Death by Meme🤣
📄Paper of the week and Useful Tool
.- If you only read one, make it this: What If Algorithmic Fairness Is a Category Error? by Arvind Narayanan. Why? You’ll have to read it to know. Bitch.
.- As a total holiday surprise, CNIL released a promising app/webapp for minors: FantomApp. Well, and for adults too. You tend to eye public authority tools suspiciously, but this one might actually work well — at least for kids not yet fully absorbed by influencers.
👻 Image blur tool, password strength checker, and BIO visibility test (via multiple-choice questions on whether or not to include your name…). All three work decently.
👻 Step-by-step guides on what to do if you’re hacked, want to request data erasure, facing cyberbullying, scam, or identity theft.
👻 How to disable location tracking, BIO ads, or enable two-factor authentication — with screenshots from Instagram, Snapchat, WhatsApp, X, and TikTok.
🙄 Da-Tadum-bass
Do you think the authors of this foul-mouthed newsletter will be allowed into the US? Time will tell.
If you think someone might like—or even find this newsletter useful—feel free to forward it.
If you miss any document, comment, or bit of nonsense that clearly should have been included in this week’s Zero Party Data, write to us or leave a comment and we’ll consider it for the next edition.