The vote came a day after European Union ministers overcame similar privacy concerns and agreed to give their own law enforcement authorities access to more limited passenger data.
To combat terrorism, Washington has demanded airlines headed for the United States transmit extensive passenger information - from credit card numbers to meal preferences - within 15 minutes of departure. Noncompliance can be punished with fines of up to $6,000 a passenger and the loss of landing rights.
Airlines, caught between having to satisfy U.S. demands and EU privacy law, have been operating under interim arrangements while negotiations were underway. The agreement reached last December is less than Washington initially sought as far as the amount of data that can be collected, who can see it and how long it can be stored.
But the Parliament, meeting in Strasbourg, France, voted 229 to 202 for a nonbinding resolution calling on the European Commission, which negotiated on behalf of the EU, to demand a better deal.
The resolution said there is no legal basis for supplying commercially gathered data for "public security purposes."
"Such access is illegal under member state and EU privacy laws," the resolution said, adding Parliament reserved the right to mount a legal challenge at the European Court of Justice if the agreement is adopted by the full Commission as is.
Commission spokesman Jonathan Todd said only that the Commission would "reflect on its next steps at a forthcoming meeting," adding there was no deadline.
Parliament, however, aims to act before new elections in June, a spokesman said. The last plenary session is May 3-6.
Parliament had to be consulted before the agreement is adopted, but cannot block it on its own.
Dutch Liberal Johanna Boogerd-Quaak, who drafted the resolution, noted that EU national data protection commissioners concluded in January that the present agreement was still inadequate.
"We are not satisfied with the privacy safeguards secured by the Commission, and we now expect them to withdraw their decision and come back with better safeguards," said Boogerd-Quaak.
Commission officials have defended the agreement as striking a balance between privacy concerns and the need to combat terrorism.
The information to be required from airlines landing in Europe is less extensive than that sought by Washington. The EU measure would be limited to name, date of birth, nationality, passport number and flight information.
EU interior and justice ministers rejected moves by France, Sweden and some other EU governments to require the information be wiped from computer records after just 24 hours, allowing countries that want to keep it longer to do so.
British Home Office Minister Caroline Flint called the proposed restrictions incompatible with British law and a pledge last week for greater cooperation in tracking terrorists in the wake of the Madrid train bombings.
Irish Justice Minister Michael McDowell said ministers agreed limiting access to the data to customs or immigration agencies as initially proposed a year ago was no longer sufficient.
"I don't think the people of Europe would forgive us if information which could prevent an atrocity was sitting in files ... and simply not capable of being consulted by people who needed to have access to it to save lives," he said Tuesday night.
By Paul Geitner
By Paul Geitner