The European Commission's latest deal with the US over data usage allows the DHS to keep passenger name record (PNR) data for seven years in an active database and then another eight years in 'non-operational' storage.
The data includes political opinions, religious or philosophical beliefs, trade union membership and sexual orientation.
Information will be used only for preventing terrorism and "other serious offences that are transnational in nature", according to a statement from the Commission.
But it will be accessible by any US law enforcement agency in pursuit of " serious crimes".
The agreement has been accompanied by an Exchange of Letters wherein the DHS sets out to the Commission how the data will be handled.
However, procedures for monitoring the agreement to ensure that the US is not misusing the data will not be proposed by the Commission until October.
PNR is the generic name given to the files created by airlines for each journey a passenger books. It can comprise up to 60 fields and subfields. The DHS can obtain up to 19 of these fields, although in practice it is considerably fewer.
The agreement "pays particular attention to the need to fully respect citizens' fundamental rights and freedoms as laid down in Article 6 (2) of the Treaty on the European Union, notably the right to privacy, the need to ensure legal certainty and the protection of public security", said the Commission in a statement.
Under Article 6 (2) certain data is deemed 'sensitive', such as racial or e thnic origin, political opinions, religious or philosophical beliefs, trade union membership or information about the health or sex life of the individual.
The DHS has said that it will filter out and not use such data where it is present.
The requirement for airlines to transmit PNR data to the DHS on in-bound US flights was introduced in the US Aviation and Transportation Security Act of 2001, rushed into legislation on 19 November in the wake of 9/11.
The EU and the US signed an agreement over PNR data in May 2004, but it was deemed illegal by the European Court of Justice two years later.
An interim agreement was struck in October 2006 but this expires on 31 July 2007. The new agreement will be valid for seven years.
US to keep UK personal data for 17 years
By Andrew Charlesworth on Jul 25, 2007 2:23PM