DOGE's Threats to the Fourth Amendment: Privacy at Risk

-- By JuliaSmith - 26 Mar 2025

The Creation of DOGE and Ensuing Threats to Privacy

On the first day of his second term, Donald Trump signed an executive order establishing the Department of Government Efficiency (DOGE). The order stated that the goal of the new department was to modernize federal technology and software “to maximize governmental efficiency and productivity.”

In its research into governmental spending, DOGE employees have accessed highly confidential information through federal agencies like the Department of Labor and Department of the Treasury, including federal employee records, employment data at large, government payment information, documentation regarding disaster victims, and student loan recipient data. This data, which is allegedly being used to facilitate a large-scale investigation of the United States’ internal spending, consists of a large amount of personal and confidential information historically known to have been private to individuals. This access implicates personal data like social security numbers and tax information from almost all federal employees and millions of Americans.

Despite its name, DOGE is not an official government department. Governmental departments are constitutionally created by Congress, which holds the power to establish and fund them. As DOGE was established by an executive order, it lacks the Congressional approval required to make the key spending decisions it purports to. The seizure of this caliber of confidential information by an organization that is not an actual federal government department is in clear violation of the longstanding Privacy Act of 1974. This essay will analyze how Donald Trump’s thinly veiled attempt at seizing the personal information of millions of Americans violates the guarantees of the Privacy Act.

DOGE and the Privacy Act

The Guarantees of the Privacy Act

The Privacy Act of 1974 has long been a pillar of the United States privacy law. The Act was enacted to protect individuals against the misuse of personal information by the federal government.

The Privacy Act regulates how federal agencies use, collect, and disseminate personal data to provide transparency and safeguards for information kept in government systems. The Act includes guarantees on (a) data minimization and accuracy, (b) access and amendment rights, (c) limitations on disclosure and (d) use only for purposes in which the information was collected. This Act is particularly essential in administrative circumstances, in which governmental agencies are handling large volumes of highly confidential data. Unlike the Fourth Amendment, which is limited in application outside criminal investigations, the Privacy Act is specifically intended to control the use of personal data by the executive branch, even when wrongdoing is not suspected.

DOGE’s Privacy Act Violations

A series of recent lawsuits have illuminated several privacy violations involved in DOGE’s data collection. Early in the new administration, Trump, Musk, and others repeatedly threatened to fire government employees whom they view as disloyal. As a result, the disclosure of personal information to DOGE has put individuals’ job security at risk.

On top of job security, DOGE’s data collection poses a critical threat to Americans’ financial security. The use of new and untested technology to disseminate data risks the leak of private personal information through hacking by criminals or foreign governments. Given the sensitivity of this data, if obtained by a bad actor, Americans could be subjected to significant fraud and theft. Moreover, plaintiffs, policy-makers, and security experts alike are concerned that foreign cyber experts (from countries like China, Russia, and Iran) could seek to exploit the system and launch U.S.-based cyber attacks.

Further, as DOGE is not an official federal government agency, the DOGE agents handling this highly sensitive and confidential information have not received the normal U.S. government security clearance. Even more worryingly, at least one of those agents has been fired from prior employment due to the disclosure of his employer’s secrets. This has led many Americans to fear that some of their most sensitive data will be mishandled by individuals not bound by traditional government clearances or rules.

How the Privacy Act Can Be Used to Combat DOGE’s Data Collection

Several of the guarantees of the Privacy Act can be used to directly combat the data collection perpetrated by DOGE. First, the fact that DOGE was enacted by executive order, and not authorized by Congress, indicates a clear lack of statutory authority to collect or access sensitive personal data. This access alone violates the Privacy Act's prohibition on unauthorized disclosure and use of data.

Individuals have also not been given the opportunity to consent to the use of their data for DOGE's financial investigation. Federal employees, individuals with student loans, and disaster victims should reasonably expect that their data stay within the bounds of the agency that collected it. Instead, it is being aggregated by a vaguely defined entity created outside of the usual legislative process.

DOGE employees also lack the standard federal security clearances required of governmental employees, and have not been vetted under government protocols for handling confidential and sensitive information. This raises additional concerns about data integrity, unauthorized access, and a lack of compliance with the Privacy Act's record- keeping requirements.

There are several practical methods in which the Privacy Act can be a tool to fight DOGE's data collection. First, and perhaps most importantly, affected individuals can use the Act to litigate against DOGE or its directors. These individuals can assert that their confidential information has been accessed without consent, in direct violation of the Privacy Act. In rectifying this injustice, courts can award damages and issue injunctive relief to prevent further breaches of individual privacy.

The Privacy Act can also be used to facilitate Congressional oversight. Because Congress did not take part in establishing DOGE, it can hold hearings and access records to determine whether DOGE officials have circumvented legislative authority. Congress can also clarify that DOGE is an agency that is subject to the Privacy Act and that it cannot function outside the bounds of the Act itself.

Finally, the Offices of Inspector General (OIGs) in agencies like the Department of Treasury and the Department of Labor can implement internal audits to determine whether DOGE's use of agency data violated Privacy Act provisions like the prohibition on unauthorized disclosure, the requirement that data be used only for its original purpose, and the obligation to ensure proper safeguarding and accuracy of personal records.

A good factual summary of what we know about the situation.

Attempting to apply Fourth Amendment legal analysis here raises two serious problems: this is not about criminal investigation and the use of evidence in prosecution; and the aggregation of data already in the possession of the government is not "searching." The Privacy Act and related rules concerning government use of the data in its possession are the appropriate legal context, it seems to me. We would certainly expect to understand the reach of those rules before finding ourselves considering farther-flung constitutional claims.