A federal judge found DOGE's access to OPM personnel records violated the Privacy Act and issued a preliminary injunction, marking a major privacy-law setback for the initiative.
A federal judge ruled June 10 that affiliates of the U.S. DOGE Service gained access to Office of Personnel Management databases covering tens of millions of current and former federal employees in violation of the Privacy Act of 1974 and established cybersecurity protocols [1]. U.S. District Judge Denise Cote of the Southern District of New York issued a preliminary injunction blocking that access and ordered the parties to submit competing proposals for the injunction's specific terms [1]. The ruling represents one of the most direct judicial constraints placed on DOGE's data-collection activities since the initiative launched.
The case centers on a challenge to OPM's decision to grant DOGE personnel sweeping access to personnel records held across agency systems [2]. OPM Acting Director Charles Ezell was among the key figures whose agency conduct came under scrutiny during the proceedings [1]. The litigation proceeded in the Southern District of New York and sits alongside a broader wave of federal suits contesting DOGE's access to sensitive government databases across multiple agencies, including the Social Security Administration [2].
The substantive holding carries significant weight. Judge Cote found that the Privacy Act, a 1974 statute that governs federal agencies' collection, maintenance, and disclosure of records on individuals, applies to DOGE-affiliated access even though DOGE operates in proximity to the White House [1]. The court's analysis directly rejects any implied executive-branch immunity from statutory privacy obligations. That conclusion creates a precedential pressure point: agencies that facilitated similar DOGE access without statutory authorization now face heightened legal exposure [2]. The ruling also stands in partial tension with the Supreme Court's earlier decision permitting DOGE to access SSA records, drawing a line between what the high court allowed at SSA and what a district court found impermissible at OPM [1].
The immediate next step is the injunction-terms briefing, through which both sides will propose language governing the scope and duration of the access prohibition [1]. Compliance monitoring and potential contempt proceedings remain live issues depending on how broadly the final injunction is written. An appeal to the Second Circuit is a near-certain prospect given the stakes for executive branch data practices [2]. Any circuit-level ruling would set binding precedent across a jurisdiction that includes major federal agencies operating out of New York and could accelerate Supreme Court review of the broader question of whether and how the Privacy Act constrains White House-adjacent initiatives.