AMERICAN FEDERATION OF LABOR AND CONGRESS OF INDUSTRIAL ORGANIZATIONS v. DEPARTMENT OF LABOR (2025)

MEMORANDUM OPINION AND ORDER

Labor unions, a think tank, and two nonprofits move to temporarily restrain the Department of Labor (“DOL”), the Department of Health and Human Services (“HHS”), the Consumer Financial Protection Bureau (“CFPB”), the United States Digital Service (now known as the United States DOGE Service), and the United States DOGE Service Temporary Organization, from providing any person outside the three agencies—namely, DOGE personnel—with access to records systems containing personal information or data. As it said previously, the Court has serious concerns about the privacy concerns raised by this case, and those concerns are all the graver now that the data includes information on all Americans who rely on Medicare and Medicaid, as well as countless consumers. However, on the record before it, the Court does not conclude that plaintiffs are entitled to the extraordinary relief of a temporary restraining order.

BACKGROUND

The Court incorporates the factual and procedural background from its order denying plaintiff's first motion for a temporary restraining order (“TRO”) for lack of standing. See Mem. Op. & Order [ECF No. 18] (“First Mot. Order”) at 1–4. To briefly summarize, President Trump created the United States DOGE Service (“USDS”) on January 20, 2025, and in doing so required all federal agencies to “establish within their ․ [a]genc[y] a DOGE Team” to carry out USDS's mission of “modernizing Federal technology and software to maximize governmental efficiency and productivity.” Exec. Order No. 14,158, 90 Fed. Reg. 8441 §§ 1, 3(c) (Jan. 20, 2025) (“First DOGE E.O.”). Upon reports that USDS would be entering DOL to access its data, plaintiffs filed this lawsuit—which, at the time, was only against DOL and the DOGE defendants—on February 5, 2025, and sought a TRO. First Mot. Order at 4. This Court denied that TRO motion because plaintiffs failed to demonstrate a substantial likelihood of Article III standing. Id. at 9.

Plaintiffs then filed an amended complaint, which added two nonprofits as plaintiffs and HHS and CFPB as defendants. Amended Compl. [ECF No. 21]. On February 12, 2025, plaintiffs filed the instant TRO motion, seeking to enjoin defendants from, inter alia, sharing personal identifiable information with USDS employees. Pls.’ Mot. Renewed TRO [ECF No. 29] (“Mot.”). Defendants’ opposition and plaintiffs’ reply followed. Defs.’ Mem. Opp'n Pls.’ Renewed Mot. TRO [ECF No. 31] (“Opp'n”); Pls.’ Reply Supp. Renewed Mot. TRO [ECF No. 32] (“Reply”). The Court then held a hearing on the TRO motion on February 14, 2025.

ANALYSIS

To secure a TRO, the movant must: “(1) establish a likelihood of success on the merits; (2) show irreparable harm in the absence of preliminary relief; (3) demonstrate that the equities favor issuing an injunction; and (4) persuade the court that an injunction is in the public interest.” Trump v. Thompson, 20 F.4th 10, 31 (D.C. Cir. 2021) (cleaned up).

As in its last order, “the Court's reasoning begins and ends with likelihood of success on the merits.” First TRO Order at 5.¹ Plaintiffs’ central argument is that defendants are acting contrary to law by allowing non-agency personnel—namely USDS personnel—to access individuals’ personal information in violation of the Privacy Act of 1974.² The Privacy Act prohibits, among other things, an agency “disclos[ing] any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains.” 5 U.S.C. § 552a(b). The parties don't dispute that the personal information plaintiffs fear has been or will be disclosed falls within the Privacy Act's definition of “records.” See id. at § 552a(4) (defining record). What they do dispute is whether the people carrying out USDS's mission at DOL, HHS, and CFPB are authorized under the Act to access those records.

The answer to this question turns on the first exception to § 552a(b). Agencies are permitted to disclose records “to those officers and employees of the agency which maintains the record who have a need for the record in the performance of their duties.” Id. at § 552a(b)(1). The people carrying out USDS's mission—“modernizing Federal technology and software to maximize governmental efficiency and productivity,” First DOGE E.O. § 1—“have a need for the record in the performance of their duties,”³ and plaintiffs don't appear to contend otherwise. Plaintiffs contend instead that these individuals aren't “employees of the agency which maintains the record”—in other words, the USDS employees are not “employees” of DOL, HHS, and CFPB, respectively.

As alluded to, there are currently people carrying out the DOGE agenda (so-called DOGE Teams) at all three defendant agencies. The DOGE Team members come in three types: (1) USDS employees “detailed” to the relevant agency; (2) the relevant agency's own employees assigned to the team; and (3) employees of other agencies detailed to the relevant agency. The record shows that DOL's current DOGE Team consists of “one relevant worker who is now a DOL employee,” Decl. of Ricky J. Kryger [ECF No. 31-1] (“Kryger Decl.”) ¶ 13; HHS's consists of “at least one USDS employee[,] ․ one employee from another” agency, and one HHS employee, Decl. of Garey Rice [ECF No. 31-2] (“Rice Decl.”) ¶ 5; and CFPB's consists of one USDS employee and five employees detailed from other agencies, Decl. of Adam Martinez [ECF No. 31-3] (“Martinez Decl.”) ¶ 6.

According to the agencies, DOGE Team members are not running rampant, accessing any data system they desire. They are supervised by the agency in which they are employed/detailed, see Kryger Decl. ¶ 7; Rice Decl. ¶ 8; Martinez Decl. ¶ 8, and must follow that agencies’ data protocol. Accordingly, team members have signed nondisclosure agreements, received security training, and are otherwise subject to agency requirements as to data permissions and accesses. See Martinez Decl. ¶¶ 6–7. For example, “[u]nder the detail agreement ․ between USDS and HHS, USDS detailees” are required to abide by ten security-related protocols, including “[a]ccess[ing] HHS data, information, and systems for a legitimate purpose” and “[c]omply[ing] with the requirements of the Privacy Act for information that HHS collects on individuals.” Rice Decl. ¶ 7. Similarly, at DOL, any employee or detailee must submit a request 24 hours in advance of accessing any information system and acknowledge “certifications relating to ․ the Privacy Act, and additional governing statutes or directives that DOL is responsible for complying with,” and “the requester [must] securely maintain and properly dispose of sensitive data when no longer needed for official purposes.” Kryger Decl. ¶ 9–10.

In short, the record indicates that DOGE Team members are federal government “employees ․ who have a need for the record in the performance of their duties,” § 552a(b)(1), and must follow protocols to ensure their access is contained within the bounds of the Privacy Act. But are they “employees of the agency” at which they are detailed? Plaintiffs argue that the USDS employees are not. In plaintiffs’ view, under the Economy Act of 1932, only agencies can detail workers to other agencies. USDS is not an agency, plaintiffs continue, because it was not created by statute and is not accountable to an entity that was. Mot. at 34–37. Thus, the USDS employees working in the agencies are not “employees of the agenc[ies]” and, plaintiffs conclude, not permitted consistent with the Privacy Act to access the agency's record systems. If plaintiffs are right, a USDS employee's access to “records” at these agencies violates the Privacy Act no matter the data protections in place.

Defendants respond that USDS does fall within the Economy Act's definition of agency. The Economy Act, they point out, employs a broad definition of agency: “a department, agency, or instrumentality of the United States Government.” 31 U.S.C. § 101. And that breadth, they say—particularly the inclusion of “instrumentality”—is enough to encompass USDS. See Opp'n at 26–27.

This is a novel and complex legal issue. There is scant case law on the Economy Act's definition of agency. The same is not true, however, of other similar—and similarly broad—definitions of agency. Consider the Freedom of Information Act (“FOIA”) and the Privacy Act, which sweep into their definitions “any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency.” See 5 U.S.C. §§ 552(f)(1), 552a(a)(1). Or the Administrative Procedure Act (“APA”), which encompasses “each authority of the Government of the United States, whether or not it is within or subject to review by another agency,” with certain enumerated exclusions. See 5 U.S.C. § 551(1).

Under those definitions, USDS—which is located with the Executive Office of the President, see First DOGE E.O. § 3(a)—appears to be an agency. In each context mentioned above, an entity within the Executive Office of the President is an agency if it “wield[s] substantial authority independently of the President.” Elec. Priv. Info. Ctr. v. Presidential Advisory Comm'n on Election Integrity, 266 F. Supp. 3d 297, 315 (D.D.C. 2017). If instead it serves solely “to advise and assist the President,” it is not an agency. Alexander v. FBI, 456 F. App'x 1, 1–2 (D.C. Cir. 2011) (quoting Kissinger v. Reporters Comm., 445 U.S. 136, 156, 100 S.Ct. 960, 63 L.Ed.2d 267 (1980)). As plaintiffs themselves insist, USDS appears to do much more than advise and assist the President. USDS's mission, per the Executive Order, is to “implement” the President's modernization agenda, not simply to help him form it. See First DOGE E.O. § 1. While the record isn't crystal clear as to these allegations, it is apparent that USDS is coordinating teams across multiple agencies with the goal of reworking and reconfiguring agency data, technology, and spending. See supra n.3 (describing the duties of the DOGE team members at DOL, HHS, and CFPB; Exec. Order No. 14,210, 90 Fed. Reg. 9669 (Feb. 11, 2025) § 3 (“Second DOGE E.O.”) (ordering that agency heads collaborate with DOGE teams on new appointment hires and prohibiting agencies from “fill[ing] any vacancies for career appointments that the DOGE Team Lead assesses should not be filled”). That is not the stuff of mere advice and assistance. See, e.g., Sweetland v. Walters, 60 F.3d 852, 854 (D.C. Cir. 1995).

Curiously, defendants do not make this argument. They shy away from other, similar statutory definitions of agencies, notwithstanding USDS's strong claim to agency status under them. This appears to come from a desire to escape the obligations that accompany agencyhood—subjection to FOIA, the Privacy Act, the APA, and the like—while reaping only its benefits. Indeed, at the renewed TRO hearing, defendants’ counsel insisted that USDS is not an agency under any of those three statutes (not to mention two Executive Orders scaffolding USDS, see First DOGE E.O. § 2(a); Second DOGE E.O. § 2(a)), but is under the Economy Act. Defendants insist that the inclusion of “instrumentalities” in the Economy Act definition renders “agency” there broader than its sibling definitions of “agency.” And so USDS becomes, on defendants’ view, a Goldilocks entity: not an agency when it is burdensome but an agency when it is convenient.

At this stage, and without the benefit of much briefing on the issue, the Court is not persuaded by defendants’ attempt to distinguish the Economy Act's definition of agency from similar definitions in other statutes. It is not clear, for instance, that “instrumentality” (Economy Act) must be a broader term than “establishment” (FOIA and Privacy Act) or “authority” (APA).⁴ And the only definition of “instrumentality” defendants offer hurts more than it helps them. Relying on a memorandum from the Office of Legal Counsel, defendants posit that an “instrumentality” is “a thing through which a person or entity acts.” See Opp'n at 26 (citing Application of the Gov't Corp. Control Act and the Miscellaneous Receipts Act to the Canadian Softwood Lumber Settlement Agreement, 30 Op. O.L.C. 111, 117 (2006)). But action—as contrasted with mere advice and assistance—is precisely what characterizes agencies for purposes of the other statutes.

So the Court must be guided by the case law described above defining agencies for other, related purposes. But, at least in this case, that conclusion helps defendants. For the reasons explained above, on the record as it currently stands and with limited briefing on the issue, the case law defining agencies indicates that plaintiffs have not shown a substantial likelihood that USDS is not an agency. If that is so, USDS may detail its employees to other agencies consistent with the Economy Act. It follows that plaintiffs have not shown a substantial likelihood on the merits of their Privacy Act claim, for without the argument that USDS employees may not be detailed under the Economy Act, the Privacy Act claim all but disappears. This is a close question, but plaintiffs have not, at this time, sustained their burden that they are likely to succeed on its merits.

A. Remaining claims

Plaintiffs also have failed to demonstrate a likelihood of success on the merits as to their three additional APA claims. First, plaintiffs have not established a substantial likelihood that the DOGE access policies are contrary to any of their cited laws and regulations. Some of the laws and regulations that plaintiffs put forth are only violated if USDS employees are not “employees” of their host agencies or are not independently violating the Privacy Act. See generally Mot. at 26–29. Because the Court concludes that plaintiffs have not demonstrated a substantial likelihood of success there, any other claims that rely on Economy Act or Privacy Act violations would also not be likely to succeed.

Next, plaintiffs claim that the DOL policy violates federal law that prohibits threatening a federal employee with termination for failing to comply with an order “that would require the [employee] to violate a law.” See Mot. at 26 (quoting 5 U.S.C. § 2302(b)(9)(D)). But defendants’ declarations expressly provide that employees must comply with all applicable laws and regulations, which would include laws prohibiting retaliation. See Rice Decl. ¶¶ 4, 7–8; Martinez Decl. ¶¶ 6–10. Similarly, the record supplies insufficient support for plaintiffs’ claims that USDS seeks to access Bureau of Labor and Statistics data, particularly in an unauthorized way. See Mot. at 29 (citing 44 U.S.C. § 3572(c)(1), which renders certain data “confidential[ ] for exclusively statistical purposes”).

Plaintiffs’ arguments that defendants are violating the Federal Information Security Modernization Act of 2014 (“FISMA”) are not likely to succeed because FISMA may not be subject to review under the APA. See Cobell v. Kempthorne, 455 F.3d 301, 314 (D.C. Cir. 2006) (indicating that how agencies comply with FISMA is likely committed to agency discretion).

Next, plaintiffs argue that the DOGE access policies are arbitrary and capricious because they represent a change in agency policy that failed to consider important aspects of the problem. See Mot. at 30–32. None of these concerns, even if understandable, rise to the level of arbitrary and capricious. Because plaintiffs have not demonstrated a likelihood of success on the Economy Act claim, they have not demonstrated that sharing the information with the USDS employees embedded at each agency is a breach of confidentiality that triggers the reliance interests. Similarly, plaintiffs have not demonstrated a likelihood that USDS personnel will inappropriately access confidential business information. To the contrary, each agency requires the detailed USDS employees to comply with its laws and procedures for data protection. See, e.g., Kryger Decl. ¶¶ 8–12 (USDS employees must “allow DOL an opportunity to ․ ascertain and mitigate any conflicts of interest” and “establish confidentiality protocols”); Rice Decl. ¶¶ 6–9 (USDS employees may access information only “for a legitimate purpose” and will “perform all HHS work using department computers and other HHS information technology assets”); Martinez Decl. ¶¶ 6–10 (USDS employees signed nondisclosure agreements).

Also under the APA, plaintiffs contend the agencies’ actions were arbitrary and capricious and procedurally erroneous because they did not go through notice-and-comment rulemaking. See Mot. at 33–34. But the record does not demonstrate that these agencies have in fact created a new routine use for their data that required any further explanation, let alone notice-and-comment rulemaking.

Finally, plaintiffs argue that USDS, as a creation of the Executive Office of the President, may only provide advice and recommendations to the President. See Mot. at 34–37. But the argument is barely briefed and at best tangential to the immediate privacy-related harms plaintiffs seek a TRO to prevent.

* * *

In the end, plaintiffs fail to show that any of their claims are likely to succeed on the merits, at least on this record. The Court thus denies their renewed motion for a TRO. See Wheelabrator Corp. v. Chafee, 455 F.2d 1306, 1308 (D.C. Cir. 1971). On the Economy Act question, which is the most important for this denial of a TRO, the Court will benefit from further briefing and analysis on a motion for preliminary injunction.

CONCLUSION

For the reasons explained above, it is hereby ORDERED that [29] plaintiffs’ renewed motion for temporary restraining order is DENIED. It is further ORDERED that the parties shall file a proposed preliminary-injunction motion briefing schedule by not later than February 18, 2025.

SO ORDERED.

FOOTNOTES

1.   “The first component of the likelihood of success on the merits prong usually examines whether the plaintiffs have standing.” Barton v. District of Columbia, 131 F. Supp. 2d 236, 243 n.6 (D.D.C. 2001). The injury that plaintiffs assert as to each defendant and each claim is that they or their members’ “private and sensitive information was” or will be “disclosed unlawfully.” Reply at 5. That means the question of whether plaintiffs have standing is “intertwined with the merits”—if the information wasn't disclosed, or if it was disclosed lawfully, plaintiffs have no injury. See Leighton v. CIA, Civ. A. No. 04-0812 (LFO), 2007 WL 1109273, at *2 (D.D.C. Apr. 11, 2007). So the Court discusses the merits first, and ultimately concludes there is insufficient evidence and argument that any information has been or will be shared unlawfully. Plaintiffs thus fail to establish not only a likelihood of success on their legal claims, but a substantial likelihood of standing.

2.   Defendants argue that plaintiffs lack a cause of action under the APA because plaintiffs have an “adequate remedy available” under the Privacy Act and because plaintiffs don't challenge a “final agency action.” See 5 U.S.C. § 704. For the purposes of this order, the Court assumes plaintiffs have a cause of action under the APA because even if they do, the Court concludes that they have not shown that they are likely to succeed on the merits of their claims.

3.   Per the agencies, the duties of the people implementing DOGE's mission include “[p]roviding software engineering, modern architecture and system design[,] ․ debugging, software testing, and programming, ․ [a]ssessing the state of current projects ․ [,] planning or leading interventions where major corrections are required[,] [a]ssisting on IT projects including infrastructure ․ and building interoperability.” Decl. of Ricky J. Kryger [ECF No. 31-1] ¶ 5; see also Decl. of Garey Rice [ECF No. 31-2] ¶ 7; Decl. of Adam Martinez [ECF No. 31-3] ¶ 4.

4.   But see Citizens for Resp. & Ethics in Wash. v. Off. of Admin., 559 F. Supp. 2d 9, 30 (D.D.C. 2008) (commenting in dictum that an entity's participation in Economy Act detailing does not necessarily mean it is an agency for FOIA purposes because the two statutes “have different operative definitions”).

JOHN D. BATES, United States District Judge