The US House of Representatives has passed a cyber-security bill amid a veto threat from President Barack Obama.
The Cyber Intelligence Sharing and Protection Act (Cispa) , would allow the government to access web users' private data on suspicion of a cyber threat.
It would also allow easier information-sharing between security agencies and private web firms.
Advocacy groups claim that it is aimed at file-sharers rather than hackers.
They also raised concerns about the transparency of the act.
In a statement on Wednesday, the White House said Mr Obama would veto the act if it reached his desk.
The administration said the law repeals "important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality and civil liberties safeguards".
The bill passed the House on Thursday by a margin of 248 votes to 168. Cyber-security legislation is also being considered in the US Senate, but its bill differs considerably from Cispa and is not yet scheduled for a vote.
Before its passage, the House amended the bill to cover information garnered for the investigation of cyber-security crimes, protection of individuals from death or serious bodily harm and the protection of minors from exploitation.
Privacy groups quickly condemned the bill's passage.
"As we've seen repeatedly, once the government gets expansive national security authorities, there's no going back," Michelle Richardson, of the American Civil Liberties Union, said in a statement.
"We encourage the Senate to let this horrible bill fade into obscurity."
Bill sponsor Mike Rodgers argued the bill would make the US "a little safer and our economy better protected from foreign cyber predators".
The House bill won support from tech industry figureheads whereas an earlier piece of legislation, the Stop Online Piracy Act (Sopa) failed after web firms lined up with activists to criticise it.
Facebook, AT&T, Intel, Verizon, and Microsoft were among some 800 firms who indicated they would back the latest bill.
Writing on Facebook's corporate blog a week ago the firm's vice-president of US public policy, Joel Kaplan, said Cispa "would impose no new obligations" on Facebook to share data with anyone.
It also "ensures that if we do share data about specific cyber threats, we are able to continue to safeguard our users' private information, just as we do today," he added.