Thirty days may not sound like a long time, but it certainly was enough for the new Trump administration to shake things up – with Americans’ data privacy being among the impacted.
Executive orders, layoffs across some key governmental agencies, DOGE’s access to highly sensitive data: privacy experts are worried, warning how these events could seriously undermine citizens’ privacy and internet freedoms.
A month in, Trump 2.0 doesn’t look so reassuring for data privacy protections in the US and beyond. Let’s look at what happened over this time and what’s at stake.
Big decisions
Perhaps the biggest decision of all so far came just a couple of days after the Presidential inauguration of January 20, 2025. As first reported by the New York Times, the White House quickly presented three Democratic-selected members of the Privacy and Civil Liberties Oversight Board (PCLOB) with a choice – to resign or be fired.
PCLOB is an independent agency responsible for ensuring the federal government’s surveillance practices to fight back against terrorism are balanced with the need to protect people’s privacy and civil liberties.
“While most Americans have never heard of our board, which oversees national security agencies such as the CIA, NSA, and FBI, we should all be concerned about the undermining of an oversight agency designed by Congress to ensure that government surveillance does not infringe our privacy and civil liberties,” one of the members who got fired, Travis LeBlanc, wrote in the Guardian.
Such a move will likely impact people’s digital rights beyond the country’s borders. For example, PCLOB also oversees the newly established Data Protection Review Court (DPRC), the system through which EU citizens can challenge unlawful surveillance practices in the US.
The EU also relies on this independent board to ensure the US provides adequate protection of Europeans’ data under the so-called Transatlantic Data Privacy Framework. Yet, without these protections, experts fear European businesses would soon need to stop using US cloud storage providers like Apple, Google, Microsoft, or Amazon to avoid breaching the block’s data protection laws.
“There were long discussions as to the functioning and independence of these oversight mechanisms. Unfortunately, it seems that they may not even stand the test of just the first days of a Trump Presidency,” commented the founder of Austria-based digital rights advocacy group NOYB, Max Schrems, at the time.
The New York Times reports that Trump is making the Privacy and Civil Liberties Oversight Board de facto inoperable. This punches the first major hole in EU-US data transfers agreement (TADPF).Using US Cloud providers could quickly violate the GDPR.https://t.co/XyTsjoPB5qJanuary 23, 2025
The Consumer Financial Protection Bureau was also impacted by the new administration, with Treasury Secretary Scott Bessent halting all rulemaking and other agency’s activities – as Politico reported.
Again, privacy experts have expressed concerns about the move, arguing that it undermines consumers’ privacy protections, and adds to the attacks on critical federal agencies.
“These attacks on bipartisan independent agencies will have devastating impacts for workers and consumers across the country and the political spectrum,” said Alexandra Reeve Givens, president, and CEO of the Center for Democracy & Technology, in an official statement, pointing out the critical role that CFPB plays against the harms of the data broker industry.
Experts at the Electronic Frontier Foundation (EFF) have also warned against the decision to suspend US foreign aid support to some key organizations developing crucial technologies to promote internet freedom across the world. These include the project behind the Tor Browser, a censorship-resistant free-to-use tool that is thought to be even more private than some of the best VPN services on the market.
“We hope that cutting off support for these and similar tools and technologies of freedom is only a temporary oversight and that more clear thinking about these and many similar projects will result in full reinstatement,” wrote the EFF, while urging the new administration to “restore support for these critical internet freedom tools.”
DOGE’s privacy
Elon Musk’s newly established Department of Government Efficiency (DOGE) has also been at the center of privacy-oriented attention.
At the time of writing, there are 12 privacy lawsuits ongoing against DOGE that involve five federal privacy protection bodies and six federal agencies, including the Education and Treasury departments. These legal actions aim to challenge what’s considered “unlawful” access to American’s highly sensitive personal data.
The complaints claim that DOGE has violated the Privacy Act of 1974, among other laws, under which access and disclosure of Americans’ personal information should be strictly restricted.
The datasets DOGE can access include some of the most sensitive information about citizens. Information that will be linked to them all their lives like social security numbers, family status, health history, and more. Yet, it’s still unclear how Musk’s team plans to secure the bulk of such precious data.
So far, however, the premises don’t look good. DOGE’s site was hacked within days of its launch. Additionally, 404 Media reported how the doge.gov site is allegedly built on Cloudflare Pages instead of government servers, a vulnerability that could let third parties push updates on the site.
There’s also the question of how Musk and Co will implement AI within DOGE’s infrastructure. As per a Washington Post’s report, the department already plans to use an AI system to identify possible government spending cuts. Again, experts fear how this could impact people’s data privacy and security.
Commenting on this point, Equity & Civic Technology Lead at the Elizabeth Laird, said: “Dumping large amounts of sensitive data, including personally identifiable information like social security numbers and family income, into a general-use AI system significantly increases security risks. We haven’t seen any proof that this kind of use is safe and trustworthy.”
What’s next?
Considering these first 30 eventful days of the new Trump administration, the stakes for citizens’ data privacy rights are certainly high.
Plus, there’s still the vacuum left by the lack of a comprehensive federal data protection law, which keeps fostering an imbalance of protection across states.
While citizens cannot do much to change or improve the government’s data-handling practices, they can still actively minimize some of the information shared online.
To do that, I suggest using a virtual private network (VPN) app to encrypt all your internet connections and spoof your IP address location. For extra security, couple this with a secure web browser when entering highly sensitive search queries. Using trustworthy encrypted messaging apps like Signal is also your best bet to keep all your chats private.
https://cdn.mos.cms.futurecdn.net/JVkUNJkcVerxuwptkNLt9k-1200-80.jpg
Source link
chiara.castro@futurenet.com (Chiara Castro)
