In Morgan v. V2X, Inc., No. 25–cv–01991–SKC–MDB (D. Colo. Mar. 30, 2026), Colorado Magistrate Judge Maritza Dominguez Braswell stating that the use of AI does not eliminate all expectations of privacy or automatically waive protections ruled that “Plaintiff can assert work product protections in connection with his AI use”, but also that he “must disclose the name of any AI tool [he] used in connection with Confidential Information”. Judge Dominguez Braswell also amended the Protective Order to address AI use, using her own proposed language instead of parties’ proposals for amendment.
Case Discussion and Judge’s Ruling
The dispute arose in the context of an employment discrimination case brought by a pro se plaintiff. While the underlying claims concerned allegations of discrimination and retaliation, the immediate issue before the Court involved the defendant’s motion to amend the existing protective order to address AI usage and to compel the plaintiff to disclose the identity of any AI tools he used in connection with confidential information.
A central issue was whether Federal Rule of Civil Procedure 26(b)(3) – which protects work product – applies to a pro se litigant’s use of AI tools. Judge Dominguez Braswell first differentiated this case from US v. Heppner, stating: “First, Heppner was a criminal matter; this is a civil case governed by the Federal Rules of Civil Procedure, and the text of Rule 26(b)(3) broadly protects the work product of a party, not merely counsel. Second, in Heppner, there was a gap between the party and the attorney because the defendant acted entirely apart from his lawyer. No such gap exists in the pro se context. A pro se litigant is simultaneously the party and the advocate.”
Continuing, she said: “Here, like in Warner v. Gilbarco, Inc.…, Plaintiff can assert work product protections in connection with his AI use. It is true that AI systems like ChatGPT, Claude, Gemini, and others widely available to the public, collect user data for training and other purposes. But in this Court’s estimation, that does not eliminate all expectations of privacy or automatically waive protections.” Drawing analogies to email and cloud storage, she emphasized that “routing information through a third-party system does not forfeit all privacy.” She further reasoned that disclosure to an AI provider is not equivalent to disclosure to an adversary and therefore does not automatically undermine work product protections.
However, while Judge Dominguez Braswell affirmed the applicability of the work product doctrine, she drew a clear distinction between protected mental impressions and the identity of the tools used. The plaintiff argued that revealing the specific AI platform would expose litigation strategy, but Judge Dominguez Braswell found this argument unpersuasive. She concluded that the plaintiff had failed to demonstrate how disclosure of the tool’s name would reveal protected mental impressions, noting that such claims were “conclusory” and unsupported. She added: “if Plaintiff already submitted Confidential Information to some AI system—and it appears he has—Defendant is entitled to know which system.”
The second major issue addressed whether, and to what extent, the protective order should restrict the use of AI. Both parties proposed competing language, with the defendant advocating for strict limitations and the plaintiff proposing a more flexible, security-focused approach. Judge Dominguez Braswell rejected both proposals as inadequate—finding the plaintiff’s version too permissive and the defendant’s overly engineered—and instead crafted her own balanced provision:
No party or authorized recipient may input, upload, or submit CONFIDENTIAL Information into any modern artificial intelligence platform, including any generative, analytical, or large language model-based tool (“AI”), unless the AI provider is contractually prohibited from: (1) storing or using inputs to train or improve its model; and (2) disclosing inputs to any third party except where such disclosure is essential to facilitating delivery of the service. Where disclosure to a third party is essential to service delivery, any such third party shall be bound by obligations no less protective than those required by this Order. In addition, the AI provider must contractually afford the party or authorized recipient the ability to remove or delete all CONFIDENTIAL information upon request. A party intending to use AI that it contends meets these requirements must retain written documentation of these contractual protections.
Judge Dominguez Braswell added: “To be clear, the Court does not intend to leave pro se Plaintiff without the benefits of AI. Modern AI tools may be used in many ways that do not involve uploading Confidential Information, and nothing in this particular Order restricts those uses. What this Order requires is that Confidential Information not be entrusted to platforms that lack the contractual safeguards described above, regardless of the sophistication or apparent trustworthiness of the tool.”
So, what do you think? Are you surprised that the Court ruled that the use of AI does not eliminate all expectations of privacy? Please share any comments you might have or if you’d like to know more about a particular topic.
Case opinion link courtesy of Minerva26, an Affinity partner of eDiscovery Today.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.