Electronic Frontier Foundation Eyes Privacy Act's Cyber Provisions in DOGE Cases
The Privacy Act includes cybersecurity provisions that can be used to hold the Department of Government Efficiency liable for data abuse, Electronic Frontier Foundation attorney Mario Trujillo said Thursday.
Sign up for a free preview to unlock the rest of this article
EFF is one of several groups suing the Trump administration over DOGE’s data-handling activities across the federal government (see 2504030060). Trujillo noted there are 22 DOGE-related lawsuits, and three of the challengers have received temporary restraining orders or preliminary injunctive motions from courts.
DOGE may have violated the Privacy Act’s cybersecurity provisions related to employee vetting, employee training, access controls and staff oversight, he said during a webinar with George Washington University Law Professor Daniel Solove.
The Privacy Act was a response to the Nixon administration gathering information on political enemies across agencies, and similar data abuse is occurring today, said Mark Lemley, professor at Stanford Law School. While most of the data privacy focus in recent years has been on private companies, the Privacy Act was explicitly written to prevent data sharing across government agencies, he said.
Solove urged state legislators to pass stronger laws addressing government-related abuse. Judge Jeannette Vargas, for the U.S. District Court for Northern California, on Friday wasn't swayed by states' argument to invoke the Privacy Act against DOGE (see 2504140036). Solove said states can pass stronger laws against government-related abuse while also finding more creative ways to claim liability within existing consumer-protection statutes. “Make the Supreme Court hit the brakes" on legal claims against DOGE, he said. “Don’t hit the brakes for them. There’s a lot of room in the law to do things that are effective.”