American authorities will be able to obtain greater access to private information such as credit card transactions, internet browsing habits and travel histories of people in Britain under a deal being finalised by European Union officials.

An internal report leaked to The New York Times yesterday said the EU was on the verge of agreeing to give US law enforcement and security agencies information about all EU citizens.

Talks on the new data-sharing deal have been going on since last year. Negotiators are trying to agree on minimum standards to protect privacy rights. This would include limiting access to information to "authorised individuals with an identified purpose" for their search. The Americans want to secure final agreement before President Bush leaves office in January.

This weekend, privacy campaigners said the move would allow the Americans to carry out "fishing" expeditions against anyone they deemed to be of interest and would further undermine individual privacy.

Shami Chakrabarti, director of Liberty, said: "We can barely trust our own authorities with sensitive personal information. What redress will we have on the other side of the Atlantic if our details are lost or abused?"

The Foreign Office would make no comment yesterday and an EU spokesman declined to discuss the matter. Stewart Baker, assistant secretary for policy at the US department of homeland security, said that the deal would make it easier for the US to obtain private information on individuals from banks, credit card firms and other companies in Britain and the EU.

He said many firms faced sanctions from the EU if they were deemed to have passed information to the US in breach of data protection laws. The deal would in effect give them greater protection from punishment in the future. It would apply to airline passengers and anyone whom the US government had legitimate authority to obtain information about, he added.

The internal report said negotiators had largely agreed on an "international binding agreement". The pact would make it clear that it was lawful for European governments and companies such as internet and credit card firms to transfer private information to the United States and vice versa.

Officials have still to resolve whether European citizens should be able to sue the US government over its handling of personal data. The deal is designed to resolve conflicts over information-sharing between the EU and the US that followed the 9/11 attacks in America.

The US government demanded access to customer data held by airlines flying out of Europe and by a consortium, known as Swift, that monitors global banking transfers. American officials wanted the data so that they could search for suspicious activity.

Barry Steinhardt, a lawyer at the American Civil Liberties Union, said: "Clearly it's a broad exchange of data. It's another example of the US drawing in the rest of the world to sacrifice its principles.

"The US is essentially asking the rest of the world to conform to our very limited notion of what's private.

"It's not a full-scale transfer of data between Europe and the United States. But it provides for wide access to data which are supposed to be protected under EU law."

Additional reporting: Sarah Baxter