AI Governance: Securing Privilege and Limiting Rule 34 Control
Editor’s Note: As AI continues to reshape the legal landscape, questions about the scope of attorney-client privilege over AI-generated content have become increasingly urgent for litigators and in-house counsel alike. In this timely analysis, Phil Favro examines a trio of recent court decisions that together begin to define when AI-related data may—and may not—qualify for privilege protection. Central to his discussion is Mobley v. Workday, Inc., a significant 2026 ruling from the Northern District of California in which a federal magistrate judge found that bias testing data generated at counsel’s direction was shielded from discovery. Favro draws a sharp contrast between Mobley and earlier decisions in United States v. Heppner and In re OpenAI, in which courts declined to extend the privilege to AI content because counsel’s involvement was either absent or incidental. Beyond privilege, Favro explores how Mobley offers practical guidance on limiting Rule 34 control over nonparty customer data through carefully drafted data-sharing agreements. Organizations navigating AI governance would be well advised to study the lessons Favro outlines, as the decisions shaping this area of law are arriving quickly and the stakes for unprepared litigants are high.
AI Governance: Securing Privilege and Limiting Rule 34 Control
By Phil Favro, Contributing Author for HaystackID
One of the biggest unknowns for litigation in the age of artificial intelligence (AI) is whether and to what extent the attorney-client privilege will apply to AI-related information. This is clearly an open issue, with counsel and courts grappling to discern the boundaries of traditional privilege principles over new data types and sources.
There should be little doubt that courts will apply traditional privilege principles to AI-related information. While the judiciary is considering possible rules changes to address evidentiary concerns arising from AI and technological issues, no changes are expected to the attorney-client privilege, and for good reason. The law on privileges—particularly in federal court—has been designed to be flexible, allowing courts to apply “the principles of the common law . . . in the light of reason and experience.”[1] This flexibility allows courts to consider privilege questions in the context of technological innovations, including advances in AI.
Drawing upon that flexibility, courts have rejected privilege claims relating to AI-generated content. For example, the court in United States v. Heppner concluded that the attorney-client privilege did not apply to 31 documents that a criminal defendant had generated using “Claude,” a consumer AI application.[2] In In re OpenAI, Inc., Copyright Infringement Litigation, the court rejected a party’s argument that a spreadsheet memorializing various AI prompts and outputs was privileged. While the party maintained that the prompts and outputs reflected “requests for legal advice,” the court determined the spreadsheet was a business document and that the apparent involvement of counsel in its development did not confer upon the document privileged status.[3]
Against this backdrop of cases rejecting privilege claims over AI content is a recent decision from a San Francisco-based federal court in which the court found that the privilege applied to an AI-related data set. In Mobley v. Workday, Inc., the court reasoned that certain data a defendant generated at the request of its legal counsel to investigate concerns over bias in its AI applications was privileged.[4] That Mobley considered the data privileged—and not merely “underlying facts” under the Supreme Court’s landmark decision in Upjohn Co. v. United States—is a striking development.[5] Mobley suggests that parties may be able to claim AI-related content as privileged in certain circumstances and offers guidance on how that may be accomplished. In addition, Mobley provides insights on how organizations may limit the extent of Rule 34 control over nonparty data used by enterprise AI applications.
Mobley v. Workday
Mobley is a fascinating case involving claims that the defendant (Workday) allegedly used “biased artificial intelligence” in its hiring practices that could implicate “potentially hundreds of millions of putative class members.”[6] Even the court appears captivated by the parties’ claims and defenses, characterizing the case as both important and significant in an unrelated order.[7]
Bias Testing Data
In discovery, the plaintiffs propounded written requests seeking data reflecting bias testing that Workday conducted, along with “its customers’ applicant data.” Workday appears to regularly conduct bias testing on its products, including its “Candidate Skills Match,” “Spotlight,” and “Fetch” products.[8] According to the court, the purpose of those Workday products was to provide its clientele with candidate hiring tools, including:
- Candidate Skills Match: “an algorithmic feature that determines the extent to which an applicant’s skills match the role to which they applied;”
- Spotlight: “a candidate review tool that . . . allows customers to assess the level of match between a candidate’s application materials and the job requirements;” and
- Fetch: “a sourcing tool that connects organizations with potential talent by suggesting individuals for open jobs.”
The court also indicated that Workday conducts bias testing on each of these tools “at the direction and under the guidance of its legal counsel for the purpose of rendering legal advice.” In so doing, Workday limits access to the data set to just the people “who need it for giving legal advice.” This includes both the data itself, along with the code designed for testing the data and the results of the testing. Workday asserted that all of this data was privileged and refused to provide it to the plaintiffs in discovery.
Regarding the customer applicant data, Workday received this information from its clientele pursuant to data sharing agreements (Master Subscription Agreements). Under the Master Subscription Agreements, Workday agreed to treat its customers’ information (including, ostensibly, customer applicant data) as confidential and not reveal that information except as “required by Law.” Nevertheless, Workday customers could “seek injunctive relief” pursuant to the Agreements to prevent Workday from disclosing their information.
The Parties’ Arguments
The plaintiffs eventually filed a motion to compel the production of Workday’s bias testing data and customer applicant data. In support of their motion, the plaintiffs argued that the requested data was relevant to their claims, that Workday’s privilege assertions should be disregarded, and that Workday has legal control over the customer applicant data within the meaning of Federal Rule of Civil Procedure 34. On the issue of privilege, the plaintiffs (among other things) maintained that the data constituted “underlying facts of communications” and that Workday’s lawyers were providing business advice and not legal advice. Regarding Rule 34 control, the plaintiffs argued that the Master Subscription Agreements permitted Workday to produce customer applicant data under a court order.
Workday disputed these arguments, asserting that neither data set was relevant, that the bias testing data was, in any event, privileged, and that it did not have control over the customer applicant data within the meaning of the Master Subscription Agreements. Regarding its position on privilege, Workday argued that its lawyers both “curated and used” the bias testing data to provide the company with legal advice. As for the issue of Rule 34 control, Workday maintained that the Master Subscription Agreements did not allow Workday to disclose customer applicant data “because customers can legally refuse to allow production.”
Privilege Applies to the Bias Testing Data
After reviewing the parties’ arguments, the court ultimately sided with Workday and denied the plaintiffs’ motion. As an initial matter, though, the court dismissed Workday’s relevance objection as to the data sets and found, particularly as to the bias testing data, that it had “probative value” even if it was “not the best evidence” supporting the plaintiffs’ disparate impact claims.
Nevertheless, on the issue of privilege, the court sided with Workday. U.S. Magistrate Judge Laurel Beeler accepted Workday’s argument that its lawyers curated and used the bias testing data to offer legal advice to the company and that they were not acting as business advisors. While conceding that the computer coding was itself “technical in nature,” Judge Beeler reasoned that this did not alter the application of the privilege to the data, given the integral role of Workday’s counsel in guiding and directing bias testing for purposes of rendering legal advice.
In reaching this determination, the court distinguished the plaintiffs’ motion from Upjohn. In Upjohn, the privileged communications referenced underlying facts, which the Supreme Court opined would not be protected as privileged and would still be produced in discovery. In contrast, the bias testing data in Mobley were not merely facts, but represented materials that counsel specifically selected for the purpose of offering legal advice to the company. Because producing this information could arguably “reveal the thought processes of counsel” for Workday, the court forbade the plaintiffs from obtaining it in discovery.
No Control Over the Customer Applicant Data
The court also determined that Workday did not have Rule 34 control over the customer applicant data. According to Judge Beeler, the Master Subscription Agreements did not confer upon Workday “a legal right to obtain [the customer applicant data] upon demand.” Instead, the Agreements had confidentiality and disclosure restrictions, including a provision empowering Workday customers to seek injunctive relief to prevent Workday from divulging their information. Under these circumstances, the court did not agree that Workday “had a legal right to obtain its customers’ data on demand.”
AI Governance Lessons from Mobley on Privilege
Mobley confirms that technical data, computer code, and computational outputs are not disqualified from privilege protection because they are technical or algorithmic in nature. A key difference between Mobley (where privilege applied) and OpenAI (where it did not) is the nature of counsel’s involvement. In OpenAI, counsel’s role was either nonexistent or superfluous in connection with the creation of a spreadsheet reflecting AI prompts and outputs. In contrast, counsel in Mobley actively guided, directed, and curated the technical process so they could provide Workday with legal advice. Thus, Mobley teaches that organizations may be able to claim technical data—such as AI prompts, outputs, training data, testing data, and so forth—as privileged if the process is carried out under counsel’s specific direction and with their involvement.
To strengthen the privilege claims, enterprises may wish to depict the technical data at issue as being integral to counsel’s rendering of legal advice such that revealing the requested data would divulge the lawyer’s thought processes. Counsel could also assert work product over technical data if the process at issue were undertaken in preparation for or in connection with a lawsuit. Courts have deemed counsel’s selection of documents to be protected from discovery because it may reveal their mental conclusions and thought processes about a case.[9] Regardless, failing to highlight the issue of the counsel’s thought processes could result in a court defaulting to Upjohn, characterizing the data as underlying facts, and ordering the data’s production.
Even if enterprises follow these suggestions, technical data sets may still not meet privilege criteria if companies allow data to be further distributed, either within or outside the enterprise. Workday successfully asserted privilege because it limited the circulation of the bias testing data, code, and results solely to the individuals “who need[ed] it for giving legal advice.” In like manner, organizations that wish to maintain privilege over technical data should consider restricting its access to counsel and designated technical experts acting under counsel’s direction.
Lessons on Rule 34 Control from Mobley
Mobley also spotlights how enterprises may be able to limit the bounds of Rule 34 control over customer data. In litigation, organizations should be aware that they could be vulnerable to discovery requests that seek nonparty data which enterprises have obtained and used in AI applications under data-sharing agreements. In Mobley, Workday prevailed on this issue because its Master Subscription Agreements did not grant the company a “legal right to obtain [the customer applicant data] upon demand.” Instead, the Master Subscription Agreements imposed confidentiality and disclosure restrictions on the customer applicant data. Similarly, companies may consider using data sharing agreements that place reasonable limits on their ability to use or obtain nonparty customer data. By so doing, companies may be able to limit the extent of their control over nonparty data for purposes of Rule 34.
[1] Fed. R. Evid. 501, Notes of Committee on the Judiciary, House Report No. 93–650 (1975). [2] United States v. Heppner, 820 F. Supp. 3d 292 (S.D.N.Y. 2026). [3] In re OpenAI, Inc., Copyright Infringement Litig., 802 F. Supp. 3d 688 (S.D.N.Y. 2025) [4] Mobley v. Workday, Inc., No. 23-CV-00770-RFL (LB), 2026 WL 1510537 (N.D. Cal. May 29, 2026). [5] Upjohn Co. v. United States, 449 U.S. 383 (1981). [6] Mobley v. Workday, Inc., No. 23-CV-00770-RFL, 2026 WL 102638 (N.D. Cal. Jan. 14, 2026). [7] District Judge Rita F. Lin observed that “[t]his is an important case” and referenced its “scope and significance” in the opening paragraph of her January 14, 2026 order. Id. at *1. [8] See Declaration of Michelle Law in Support of Defendant Workday’s Opposition to Plaintiff’s Motion to Compel Production of Requested Documents and Discovery, No. 3:23-cv-00770-RFL (N.D. Cal.), ECF No. 316 (May 4, 2026). [9] See generally The Honorable John M. Facciola & Philip J. Favro, Safeguarding The Seed Set: Why Seed Set Documents May Be Entitled To Work Product Protection, 2015 Fed. Cts. L. Rev. 8 (2015).
About Phil Favro
Phil Favro is the founder of Favro Law PLLC, where he counsels clients on ESI, AI, and discovery issues and serves as a special master, mediator, and expert witness. Phil is nationally recognized for his expertise on ESI, discovery, and information governance, with courts acknowledging his credentials. See, e.g., Oakley v. MSG Networks, Inc., No. 17-CV-6903 (RJS), 2025 WL 2061665 (S.D.N.Y. July 23, 2025). This background makes Phil particularly well-suited to counsel clients and advise courts on information-related issues. As a special master, Phil is acclaimed for his collaborative approach, working with parties to find stipulated solutions to complex issues. For disputes that require adjudication, he is renowned for the clarity and vigor of his written dispositions, which are available on legal search engines.
About HaystackID®
HaystackID® solves complex data challenges related to legal, compliance, regulatory, and cyber requirements. Core offerings include Global Advisory, Cybersecurity, Core Intelligence AI™, and ReviewRight® Global Managed Review, supported by its unified CoreFlex™ service interface and eDiscovery AI™ technology. Recognized globally by industry leaders, including Chambers, Gartner, IDC, and Legaltech News, HaystackID helps corporations and legal practices manage data gravity, where information demands action, and workflow gravity, where critical requirements demand coordinated expertise, delivering innovative solutions with a continual focus on security, privacy, and integrity. Learn more at HaystackID.com.
Assisted by GAI and LLM technologies.
SOURCE: HaystackID