10 hours Ago
12 privacy lawsuits, 6 federal agencies, the data of millions reportedly at risk – all in less than 30 days. The newly created Department of Government Efficiency (DOGE) – an "advisory body" led by Elon Musk – has caused quite a stir since its inception.Tasked with cutting governmental costs and weeding out fraud, waste, and abuse, DOGE has ordered federal agencies to sack thousands of government employees and delved into agency systems holding sensitive information concerning millions of Americans.
Usually when we're discussing data privacy, tools like the best VPNs and the best password managers are cited as effective remedies – but this is different.The data DOGE wants access to isn't the kind that can be protected by individuals. It includes legal names, social security numbers, race, disabilities, income, and even citizenship status and whether you've been incarcerated.
Lawsuits claiming Musk, Trump, and DOGE are breaking the law have piled up. Serious data privacy concerns have been raised regarding DOGE's actions – many stemming from the fact that Musk is not an official government employee, and should not have access to sensitive data.As noted in a White House declaration, the tech billionaire "has no actual or formal authority to make government decisions himself" and is not the administrator in charge of DOGE's day-to-day operations.
Instead, Musk is described instead as a "senior advisor" to President Trump.So, is DOGE breaking the law, and what do these measures mean for American data privacy?What has DOGE done?(Image credit: ROBERTO SCHMIDT / Getty Images)Put simply, there are serious data privacy concerns surrounding DOGE's actions. DOGE is aiming to access sensitive federal agency data in order to carry out its cost-cutting effort.
DOGE's executive order states it should have "full and prompt access to all unclassified agency records, software systems, and IT systems."However, DOGE having access to this data is claimed to be unlawful and violates the Privacy Act 1974. It isn't always clear who those accessing the data are, and the more the data is accessed and moved, the greater risk of a breach.
A White House official told Reuters that all DOGE staff – many of whom are recent tech graduates and were recruited via Discord – are federal employees who have the appropriate security clearances. However, questions are still being asked over the freedom given to seemingly inexperienced DOGE staff.This includes 19-year-old Edward Coristine, a known leaker and someone who appears to have frequented Discord and Telegram communities focused on cybercrime.
It is alleged he solicited recommendations for a third-party service that could perform cyberattacks, and now has supposedly been granted access to the State Department and Department of Homeland Security (DHS) as an "advisor."Your data at riskDOGE wants to access your:- Legal name- Social Security Number- Family income- Citizenship status- Incarceration information- Home and work address- Medical information- Family information- Pregnancy and births- Marriage and divorce- Job loss- Family deaths- Race- Sex- DisabilitiesAl-Jazeera reported that DOGE is pushing to access the IRS' protected Integrated Data Retrieval System (IDRS). IDRS data relates to sensitive tax information, including social security numbers, home addresses and income status.
It is unclear whether this has been achieved. As of February 20, access hadn't been granted.The Labor Department has given DOGE access to vast amounts of its data.
Labor Department employees were reportedly worried about the access available to inexperienced staffers, and the move was the opposite of what the department would typically do to protect privacy.It has also been reported that DOGE is feeding information from the Education Department into AI software to hunt for potential spending cuts. The issues around AI and data privacy are still emerging, but AI having access, and potentially storing and learning from this data, is a concerning development.
It is unclear, but unlikely, that the individuals whom this data concerns have consented to this usage.It isn't known how secure DOGE's data storage facilities are, and a cyber attack could have disastrous consequences for millions of Americans. It is unknown how DOGE plans to transfer the data it collects and how secure said transfer and storage will be.
A dozen legal challengesThere has been significant opposition to DOGE's actions, primarily in the form of lawsuits. At the time of writing, 12 privacy-related lawsuits are in place, as well as other non-privacy related cases.The Electronic Frontier Foundation (EFF), along with other privacy advocates, filed a lawsuit on February 11 against DOGE's accessing of the Office of Personal Management data.
The EFF said that "the mishandling of this information could lead to such significant and varied abuses that they are impossible to detail."On February 7, the American Civil Liberties Union (ACLU) filed Freedom Of Information Act (FOIA) requests with over 40 federal agencies. It labelled DOGE's acts as "secretive" and called on Congress to "fulfill its constitutional role" in opposing DOGE.
The mishandling of this information could lead to such significant and varied abuses that they are impossible to detail.Electronic Frontier FoundationA coalition of 14 state attorney generals filed a lawsuit aiming to immediately block DOGE from accessing information at the departments of Labor, Education, Health and Human Services, Energy, Transportation and Commerce, and at the Office of Personnel Management.However, on February 18, a judge rejected the lawsuit.
Musk and DOGE's "unchecked authority" was noted, but, according to Reuters, the judge said "the states had not shown why they were entitled to an immediate restraining order.""The recent reporting around federal agencies granting DOGE staff access to the most sensitive information about Americans is alarming," said the Center for Democracy & Technology's Elizabeth Laird.Laird cited the lawsuits questioning the legality of DOGE's actions and highlighted the "several security incidents" involving DOGE staff, "suggesting that they are not adhering to best security practices in their work.
"She went on to say DOGE needed to be more transparent. "A necessary first step to addressing the access and security issues is answering questions core to protecting any sensitive information: Who has access to this information and under what authority? What is being done with this information? What are the proactive steps that are being taken to keep it safe and secure?"What can you do?The problem is that individuals cannot take steps to protect this data. It is the government's duty to protect it, and it is information that cannot be withdrawn.
The primary defense at this stage is lawsuits and the hope of DOGE's behavior being declared unlawful – but this requires a concerted effort and is not a quick or simple solution.If you are concerned about legitimate but unwanted use of your personal data, then a data removal service such as Incogni can help. These services contact data brokers who hold records of your data and submit removal requests on your behalf.
However, if information collected by DOGE was to suffer a breach, data removal services are unlikely to protect you against any malicious use of your data.(Image credit: ExpressVPN)It is possible your information could be used in phishing and scam attempts. Always be cautious of suspicious emails asking for any personal information or messages claiming to be from "reputable" sources that don't look quite right.
Look out for typos, demands for payment, and poorly put together websites. Never click on anything you're not 100% sure of.If you are the victim of a breach or cybercrime, leading VPN providers ExpressVPN and NordVPN offer forms of identity protection in their plans.
ExpressVPN's Identity Defender and NordVPN's NordProtect provide cyber insurance of up to $1 million, as well as dark web monitoring and assistance in recovering lost funds and identity theft.At this stage, there are no reports of data being breached as a result of DOGE's actions, but it is something to be aware of should the worst happen.Consent and Privacy Act 1974Introduced in the wake of the Watergate scandal, the Privacy Act 1974 has been cited in almost every legal case against DOGE.
Under the act, the disclosure of personal records, even within agencies, generally requires the consent of the individual concerned. However, there are several exceptions, such as law enforcement investigations and court orders – and two of these could work in DOGE's favour.As stated in Lawfare, agencies can share records with third parties for "a routine use" if this "use (including sharing) would be compatible with the reason the information was collected in the first place.
"But many in opposition to DOGE's actions are arguing its use of the data has nothing to do with the reasons it was collected in the first place. Many claim DOGE wants the data for political reasons and it is unclear whether DOGE's staff have been vetted, and there does not appear to have been any congressional authorization for the data collection to take place.DOGE has also been accused of failing to record what actions it is taking, and this, combined with the lack of an established leader, makes accountability almost impossible.
(Image credit: designer491 / Getty Images)How far will the government go?The relationship between Trump and data privacy is a complicated one. In the past, Trump has been a vocal critic of companies like TikTok collecting the personal data of Americans. He called for a TikTok ban during his first term in office, but has since reversed his stance on the issue.
Historically, his actions have been more to do with protecting national security rather than concern for the rights of the American people. Project 2025, which Trump has now distanced himself from, criticizes China's data collection practices but fails to mention the data privacy practices of US companies such as Apple, Google, and Amazon.Elon Musk is clearly not a champion of data privacy rights, with privacy complaints being made over X user data being used to train its Grok AI model, and it is unknown how much influence he will have as a special advisor.
However, Musk's orders appear to come directly from the President – which leads us to believe Trump is happy with DOGE accessing federal data.(Image credit: VINCENT FEURAY / Getty Images)The separation of federal and state government also poses questions, because states have differing data privacy laws. How these laws interact with DOGE's federal actions, and whether they can be used to combat them, is unclear.
US lawmakers have condemned moves by the UK government to access the encrypted data of Apple's users – lawmakers Senator Ron Wyden and Congressman Andy Biggs said in a letter that the demand threatens the privacy and security of the US.Senator Wyden, along with Senator Elizabeth Warren, also expressed concern over DOGE's access to IRS tax data. However, contradicting his stance on the UK government's actions, Congressman Biggs introduced legislation in support of DOGE's initiatives.
We have seen countless examples of governments imposing on the data privacy of their citizens in recent months. However, these have rarely involved a Western government. DOGE's actions represent a significant shift in attitudes towards Western data privacy, and is a cause for concern – leaving us asking how far Trump and DOGE would go.
.
