The legislature meeting in Strasbourg, France approved the deal in a 409-226 vote with 33 abstentions, revising the agreement after years of resistance to a deal on handing over such information.
The seven-year accord enables airlines in Europe to give the U.S. Department of Homeland Security data about trans-Atlantic travelers prior to departure without fear of violating any EU privacy rules.
The data includes 19 pieces of information known as a passenger name record that include, among other things, reservation date, payment method, seat number, and travel itinerary.
U.S. authorities agreed to mask out passengers' names and contact details after six months. The stored data would be kept for up to five years, at which time it would be moved to a dormant database for up to 10 additional years. After that, the data retained would be fully anonymized by deleting all information that could identify a passenger.
The new accord replaces a provisional 2007 agreement and prevents European airlines from flying in legal limbo, forcing them to choose between violating EU or U.S. law.
Last year the U.S. Senate passed a resolution calling for further action, with Joe Lieberman, chairman of the Homeland Security Committee, saying the U.S. simply cannot accept cutting off the data, which he called an important part of our layered defenses against terrorism.
EU Home Affairs Commissioner Cecilia Malmstrom said Thursday's agreement provides both legal certainty for airlines and stronger protection for passenger privacy.
The new agreement is a substantial improvement on the existing Agreement from 2007, she said in a statement. It fully meets the security needs of the United States of America and the EU. Under the new agreement, data of passengers travelling to the United States of America will be used to fight serious transnational crime and terrorism.
Thursday's agreement marks a sharp contrast from the previous five years of debate over whether to scale back agreements allowing the U.S. to access and store data of air passengers. Many in the EU had argued that it was an invasion of privacy that could lead to false arrests.
Critics of the agreement argue that it does not provide sufficient privacy protections for EU citizens and that passenger data has never played a role in catching suspected criminals or terrorists. The U.S. Department of Homeland Security, however, insists that the data is needed to pursue criminal investigations.