Tag: artificial intelligence

Posted on by Gerald L. Maatman, Jr.

California Federal Court Clarifies Limits On AI Bias Testing And Applicant Data Disclosure In Mobley v. Workday

By Gerald L. Maatman, Jr., Adam D. Brown, and Elizabeth G. Underwood

Duane Morris Takeaways: In Mobley, et al. v. Workday, Inc., Case No. 23-CV-00770, 2026 WL 1510537 (N.D. Cal. May 29, 2026) (ECF No. 340), Magistrate Judge Laurel Beeler of the U.S. District Court for the Northern District of California issued an order resolving three discovery disputes in this closely watched employment discrimination class action involving novel artificial intelligence (AI) issues.  The Court denied Plaintiffs’ motion to compel production of Workday’s bias-testing data, finding that the attorney-client privilege protects the data because Workday’s attorneys curated it and used the results in providing legal advice.  The Court also denied Plaintiffs’ motion to compel Workday to produce its customers’ applicant data because Plaintiffs failed to show that Workday had control of that data within the meaning of Rule 34 of the Federal Rules of Civil Procedure.  However, the Court ordered production of Workday’s EEO-1 and Office of Federal Contract Compliance Programs (OFCCP) documents, finding those documents to be relevant to Workday’s knowledge of potential demographic disparities when utilizing its AI tools. 

The ruling is significant for corporate counsel. For employers navigating the intersection of privilege, discovery obligations, and AI hiring tools, this ruling provides important guidance on protecting bias-testing data while recognizing the broad scope of discoverable information in AI employment discrimination cases.

This development follows Workday’s unsuccessful Motion to Dismiss Plaintiff’s Amended Complaint, which we blogged about here, Workday’s first successful Motion to Dismiss, which we blogged on here, and the EEOC’s amicus brief filing, which we blogged about here.

Case Background

Plaintiffs are suing Workday for utilizing an AI screening system that allegedly is more likely to deny employment applications from individuals who are African American, suffer from disabilities, or are over forty years old.  Id. at *1.  Workday Recruiting is a software product that helps customers manage hiring, and customers who purchase Workday Recruiting have access to an algorithmic feature called Candidate Skills Match, which determines the extent to which an applicant’s skills match the role to which they applied.  Id.  In 2024, Workday acquired HiredScore, which allowed Workday to offer additional features to customers, including Spotlight, a candidate review tool, and Fetch, a sourcing tool that connects organizations with potential talent by suggesting individuals for open jobs.  Id.

As to the present discovery disputes, first, Plaintiffs filed a motion to compel Workday to produce its bias-testing data and its customers’ applicant data.  Id. at *3.  The parties disagreed as to whether the bias-testing data was protected by attorney-client privilege and whether Workday had control of its customers’ applicant data.  Id.  Second, Plaintiffs sought to compel production of Workday’s EEO-1 and OFCCP documents, with the parties disputing relevance, burden, and waiver.  Id. at *6.  Third, Plaintiffs moved to compel Workday to provide deanonymized data of applicants’ names and other application information.  Id. at *7.

The Court’s Decision

Attorney-Client Privilege Applied To Bias-Testing Data

First, the Court agreed with Workday that its bias-testing data was protected from disclosure by the attorney-client privilege.  Id. at *4.  Specifically, the Court reasoned that the bias-testing data was privileged because Workday had shown more than mere direction from its attorneys and “ha[d] represented that its attorneys curated the data it used in the bias testing, the overall purpose of the testing was to provide legal advice and not to be used in a business capacity, and it ha[d] not submitted the data to a regulatory body.”  Id.

Moreover, the Court rejected Plaintiffs’ arguments that Workday had waived privilege by using the bias-testing data offensively through reliance on an “AI Fact Sheet” that stated Workday performs bias testing.  Id. at *5.  Instead, the Court held that “Workday’s invoking the mere existence of its bias testing outside of litigation [was] not enough to waive privilege.”  Id.

No Control Over Customer Application Data

Second, the Court denied Plaintiffs’ motion to compel Workday to produce its customers’ applicant data.  Id. at *6.  The Court found that Plaintiffs had not met their burden of demonstrating that the provision of the Master Subscription Agreement allowing Workday to produce a customer’s data under a court order constituted “control” under Rule 34 because Workday did not have a legal right to obtain its customers’ data on demand.  Id. at *6.  However, the Court observed that some third parties that Plaintiffs had subpoenaed had taken the position that Plaintiffs should seek the data from Workday instead.  Id.  Thus, the Court encouraged the parties to work together to resolve the issue.  Id.

Production Of EEO-1 and OFCCP Documents

Third, the Court ordered production of Workday’s EEO-1 and OFCCP documents, finding that Plaintiffs had met their initial burden on relevance.  Id.  In particular, the Court reasoned that Workday utilizes the same AI tools as its customers, and under either the agent or direct-employer theory, “Workday’s EEO-1 and OFCCP documents are relevant to its knowledge of potential demographic disparities when utilizing AI tools.”  Id. at *6.

Deanonymized Applicant Data

Finally, the Court disposed of Plaintiffs’ request for deanonymized applicant data as moot because Plaintiffs had admitted in subpoenas seeking the same information from third parties that they did not need applicant names.  Id. at *7.

Implications For Employers

This decision reinforces the concept that bias-testing data can be shielded from production under attorney-client privilege when an employer’s attorneys curate the underlying data and conduct bias-testing for the purpose of providing legal advice, as opposed to a business or regulatory compliance purpose.  Of note, and as supported by this Court’s decision, companies that utilize AI in their hiring processes should structure their bias-testing under the direction of legal counsel to preserve attorney-client privilege.

Moreover, the Court’s ruling on EEO-1 and OFCCP documents suggests that employers and AI vendors should be aware that they may face broad discovery obligations regarding their own use of the same AI tools they market to customers, as in this case, the Court found Workday’s EEO-1 and OFCCP documents relevant because Workday uses the same AI tools as its customers.

Posted on by Class Action Defense

The Class Action Weekly Wire – Episode 66: Colorado Stakes Out Artificial Intelligence Frontier With Comprehensive Algorithmic Anti-Discrimination Law


Duane Morris Takeaway: This week’s episode of the Class Action Weekly Wire features Duane Morris partner Jerry Maatman and associate Tiffany Alberty with their discussion of a significant development on the forefront of artificial intelligence legislation – a Colorado bill recently signed into law making strides to curb the risk of algorithmic bias across all sectors and uses of AI technology.

Check out today’s episode and subscribe to our show from your preferred podcast platform: Spotify, Amazon Music, Apple Podcasts, Samsung Podcasts, Podcast Index, Tune In, Listen Notes, iHeartRadio, Deezer, and YouTube.

Episode Transcript

Jerry Maatman: Thank you, loyal blog readers. Welcome to our next installment of our weekly podcast series, the Class Action Weekly Wire. I’m Jerry Maatman, a partner at Duane Morris and joining me today is my colleague, Tiffany Alberty. Welcome.

Tiffany Alberty: Thanks, Jerry, excited to be here.

Jerry: Today we wanted to discuss what I believe to be a landmark development coming out of the state of Colorado regarding artificial intelligence legislation, and specifically the new AI bill that was signed into law earlier this year. As a member both of the Illinois and Colorado bars, Tiffany, I know you’ve been advising employers on this –  wondered what your takeaways were at a 100,000 foot level on this new law?

Tiffany: Sure. Thanks, Jerry, I appreciate the opportunity to speak today. So, as many of you know, on May 17th of this year, Colorado Governor Jared Polis signed into law SB-205, also known as the Consumer Protections for Interactions with Artificial Intelligence Systems. It does take effect in February of 2026, and it applies to Colorado residents. This bill was modeled after Connecticut’s ambitious legislation which ended up crumbling the same month due to the Connecticut Governor Ned Lamont’s concerns that it would stifle the innovation of the developing AI industry. So, comparing this legislation to AI laws such as in Florida or Utah. The statute is really the first legislation of its kind in the United States that focuses on what’s called “high-risk artificial intelligence systems”. Notably, it requires that developers and companies that deploy this high-risk AI technology use the standard of reasonable care to prevent algorithmic discrimination.

Jerry: Thanks for that overview, Tiffany, that’s very helpful. In terms of what corporate counsel need to understand about the concept of “high-risk AI systems,” how would you describe that in layman’s terms, and with respect to the range of activities or software covered by the new Colorado law?

Tiffany: Sure. So, the Colorado law defines “high-risk AI systems” as those that make or substantially contribute to making “consequential decisions.” Of course, it’s not clear, but some examples that would be considered as “consequential decisions” under the law include a large range of companies and services, including education enrollment or education opportunities, employment or employment services and opportunities, financing or lending services, essential governmental services, healthcare services, housing, insurance, and then, of course, legal services.

The law does actually carve out specific systems that would not be included in the law – that either (i) perform narrow procedural tasks; or (ii) detect decision making patterns or deviations from prior decision-making patterns, and that aren’t intended to replace or influence the human component of assessment and review. Also excluded from the law is AI-enabled video games, cybersecurity software, anti-malware or anti-virus software, spam or robocalling features and filters – all when they’re not considered a “substantial factor” in making these consequential decisions

Going to what a ”substantial factor” is – it’s defined as a factor that (i) assists in making consequential decisions and (ii) is capable of altering the overall outcome of that said consequential decision, or (iii) is generated by an AI system alone.

Jerry: Well on its face, that sounds quite broad, and I doubt that the exemptions are going to be used to swallow the rule. What do corporate counsel need to know about penalties and potential damages under the statute for violations of it?

Tiffany: Sure, so the penalties are hefty. The law provides the Colorado Attorney General with the exclusive authority to enforce violations and penalties up to $20,000 for each consumer or transaction violation that’s involved. However, the law does not contain a private cause of action. Developers as well as deployers can assert an affirmative defense if they discover and cure the violation, or are in compliance with the latest version of the Artificial Intelligence Risk Management Framework that’s published by the National Institute of Standards and Technology, or otherwise known as NIST, or any other framework that is designated by the Colorado Attorney General that should come out with more specific and narrow confines.

Jerry: The job of a compliance counsel is certainly difficult with the patchwork quilt of privacy laws, but what would your advice be specifically for companies involved in trying to engage in good faith compliance with the Colorado law?

Tiffany: Sure, great question. There are key responsibilities at stake for both developers of AI technology and deployers, which are the companies that are utilizing these systems, in terms of protecting consumers and employees from the risks of algorithmic discrimination. For AI developers, there is a duty to avoid algorithmic discrimination, and under the reasonable care standard, it includes several critical steps. So that would be providing deployers with detailed information about the AI systems and the necessary documentation for impact assessments; developers must make a public statement about the types of AI systems that they have developed or substantially modified; and disclose any potential risks of algorithmic discrimination to known deployers and the Colorado Attorney General within 90 days of discovery.

So that’s going to be for the AI developer side. Now, if you go to the other variation which is going to be for deployers of high-risk AI systems, they, too, have a duty under the law to avoid algorithmic discrimination, and they are required to implement comprehensive risk management policies, conduct impact assessments throughout the year, and review their AI systems annually to ensure that there’s no algorithmic discrimination occurring. They also need to inform consumers about the system’s  decision-making processes and offer opportunities for correcting any inaccurate information that’s being collected and allow for appeals against adverse decisions upon human review, if that is feasible. And then the last thing that is similar to the AI developer side – deployers must also disclose any algorithmic discrimination discovered to Colorado’s Attorney General within 90 days of discovery.

So, kind of taking more of a bird’s eye view, the law encompasses AI technology when it’s involved in the consequential decisions, such as in an employment context for hiring and firing. And it adds another layer of intervention to check the AI process, and ensuring that it doesn’t have any type of discriminatory or bias intent. As such, companies have until February 2026 to come into compliance with this new Colorado AI law.

Jerry: Well, thanks, Tiffany. Those are great insights. I think the bottom line is compliance just became a bit tougher in terms of all the things that are out there in that wild west which is the legal frontier of artificial intelligence. If there’s nothing other than what we’ve seen from the plaintiffs’ bar is that they’ve been very innovative and using statutes like this and cobbling together class actions involving employer use of artificial intelligence. Well, thank you loyal blog readers for tuning in to this week’s weekly podcast series – we will see you next week with another topic.

Tiffany: Thanks, everyone.

Posted on by Class Action Defense

Announcing The First Edition Of The Duane Morris Product Liability And Mass Torts Class Action Review

By Gerald L. Maatman, Jr., Jennifer A. Riley, and Sharon Caffrey

Duane Morris Takeaways: Clients, ranging from some of the world’s largest manufacturers and insurance companies to startup companies and individual inventors, turn to Duane Morris for counsel and representation in claims involving products liability and toxic torts. For years, Duane Morris has worked with clients to develop cost-containment and strategic litigation plans designed to minimize the risk, business disruption and potentially staggering cost of products liability and toxic tort litigation. Our goal is to provide value by acting as proactive counselors and advisors, rather than simply responding to particular problems in isolation. To that end, the class action team at Duane Morris is pleased to present the Product Liability And Mass Torts Class Action Review – 2024. This new publication analyzes the key rulings and developments in 2023 and the significant legal decisions and trends impacting both product liability class action litigation and mass tort litigation for 2024. We hope that companies and employers will benefit from this resource and assist them with their compliance with these evolving laws and standards.

Click here to download a copy of the Product Liability And Mass Torts Class Action Review – 2024 eBook.

Stay tuned for more product liability and mass tort class action analysis coming soon on our weekly podcast, the Class Action Weekly Wire.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress