Beyond Relevance, Cost, and Burden: Elevating the Importance of Privacy in Analyzing Rule 26(b)(1) Proportionality

In an era defined by Big Data, the proliferation of social-media platforms and new technologies, and heightened concerns over personal data protection, the traditional boundaries of civil discovery are being tested.  While the Federal Rules of Civil Procedure have long permitted broad discovery, the 2015 amendments to Rule 26(b)(1) reestablished proportionality as a central criterion for determining the scope of discoverable material.  This shift also provides a critical opportunity to recognize privacy, not merely as a secondary concern remedied through use of protective orders, but as a primary factor in the proportionality analysis itself and, in turn, determining the appropriate scope of discovery.

Privacy and confidentiality interests span a wide spectrum, from protecting trade secrets and proprietary business information to shielding individuals from embarrassment, humiliation, and reputational and financial harm.  Without meaningful limitations, discovery can become a tool for unnecessary intrusion into the private lives of litigants and third parties, exposing sensitive information that bears little or no material relevance to the issues in dispute.  Indeed, civil discovery can present risks for those who have taken great pains to protect their confidential, sensitive, or protected information and may demand that particularized attention is paid to ensuring that data privacy obligations are respected.  The discovery process can not only move such data to a less secure environment, but it can also refine and concentrate the value of the information being produced, making it even more valuable to unauthorized persons who may wish to access or acquire it.  Yet, litigants often lack the means or incentives to protect third-party privacy interests.  

The rules of discovery must therefore strike a careful balance, ensuring that parties have access to information necessary for the pursuit of their claims or defenses, while preventing overbroad preservation and production that may compromise personal privacy and dignity.  In short, incorporating data privacy as a core component of the proportionality analysis under Rule 26(b)(1) is essential to maintaining this balance and upholding the integrity of the discovery process.

Rule 26(b)(1): The Evolution of Proportionality in Discovery

In the past, the scope of discovery under Rule 26 of the Federal Rules of Civil Procedure was defined in terms of relevance, with privilege providing the only exception.  Beginning with the 1983 amendments, however, proportionality factors were introduced to curb over-reaching and abusive discovery practices.  These included considerations of whether discovery was unreasonably cumulative, duplicative, or unduly burdensome or expensive.  These considerations extended beyond monetary costs to include the needs of the case, the parties’ resources, and the importance of the issues at stake.[1]

In 1993, Rule 26(b)(1) was further amended in response to the rising costs and complexity of discovery in the digital age.  The 1993 amendments added two more factors: (1) whether the burden or expense of discovery outweighed its likely benefit, and (2) the importance of the proposed discovery to resolving the issues.[2]  These changes were intended to give courts greater control over the scope of discovery by limiting the depth of discovery.  However, proportionality remained structurally peripheral to limiting the scope of discovery.

The 2015 amendments restored proportionality into the definition of discoverable material.[3]  Rule 26(b)(1) now requires that discovery be both relevant and proportional to the needs of the case.  Under Fed. R. Civ. P. 26(b)(1), discovery must be “relevant to [] party’s claim or defense” and “proportional to the needs of the case, considering the importance of the issues at stake in the action, the amount in controversy, the parties’ relative access to relevant information, the parties’ resources, the importance of the discovery in resolving the issues, and whether the burden or expense of the proposed discovery outweighs its likely benefit.”[4]  This framework empowers courts to curtail discovery that is excessive or intrusive, even if technically relevant.

Privacy’s Traditional Role in Civil Discovery

Historically, privacy has played a limited role in shaping the scope of discovery.  In Seattle Times Co. v. Rhinehart, the Supreme Court emphasized that the Federal Rules do not distinguish between private and non-private information, so long as the material is relevant and not privileged, the information is discoverable,[5] allowing for extensive intrusion into the private affairs of both litigants and third parties.  The primary mechanism for protecting private information has been Rule 26(c), which allows courts to enter protective orders “for good cause” to shield parties from “annoyance, embarrassment, oppression, or undue burden or expense.”[6]  However, this approach is increasingly inadequate in the modern world.  The sheer volume and sensitivity of personal data stored on digital devices, social-media platforms, and cloud platforms demand a more proactive and nuanced balancing of interests.  

Traditionally, parties and courts have relied upon protective orders as a primary method of limiting who can access or use materials produced in the course of discovery.  While useful to limit the dissemination of information beyond the parties, protective orders are reactive and often insufficient to prevent the harm that can be caused by overbroad discovery requests and preservation.[7]  Protective orders usually come into play after discovery requests have been made, meaning that some level of intrusion may have already occurred.  Even multi-tiered, “Attorneys’ Eyes-Only” protective orders may not suffice if the requesting law firm does not employ sufficient protections.  Indeed, media headlines in recent years tell us that law firms have become attractive targets for hackers and cyber-attacks, due to a combination of lagging security and a reputation for housing high-value data.  Similarly, service providers and testifying and consulting experts engaged by litigants and their counsel can often stand in the same bullseye drawn by malicious threat actors who seek to access and exploit non-public information.  Also, protective orders are not reasonably accessible to non-parties who are often unaware that their personal information is being disclosed or discussed in litigation and, therefore, are not able to seek the court’s protection.  Therefore, integrating privacy considerations into the proportionality analysis under Rule 26(b)(1) is essential for proactively managing discovery and effectively protecting sensitive information from the outset.

The Growing Importance of Data Privacy and Protection in the United States

U.S. citizens have a growing expectation of privacy in the digital age.  In recent years, data privacy and protection have become an increasingly significant concern in the U.S., both in regulatory frameworks and in litigation practices.  However, U.S. courts have customarily prioritized domestic discovery obligations over data-protection laws.  In Société Nationale Industrielle Aérospatiale v. U.S. District Court, the Supreme Court held that foreign blocking statutes and privacy laws do not automatically override U.S. discovery rules, reinforcing the primacy of American procedural law in cross-border litigation.[8]  This approach stood in contrast to jurisdictions like the European Union, where data privacy has long been a fundamental right and a significant potential limitation on cross-border discovery.

Unlike the European Union’s comprehensive General Data Protection Regulation (GDPR), the U.S. has traditionally relied on a patchwork of industry-specific privacy laws, such as the Health Insurance Portability and Accountability Act (HIPAA), Fair Credit Reporting Act, and Stored Communications Act.[9]  This changed with the enactment of the California Consumer Privacy Act (CCPA) in 2018, which became effective in 2020 and marked the beginning of a broader legislative movement.[10]  As of 2025, twenty states have enacted comprehensive data privacy laws, and there have been multiple efforts to pass a national privacy statute.[11]

A central principle in these laws is data minimization, which requires organizations to collect only the personal data necessary for a specific purpose and dispose of it when it is no longer demonstrably needed.[12]  This principle has been reinforced by enforcement actions from the Federal Trade Commission (FTC) and state attorneys general, who have penalized companies for over-retaining personal data or failing to implement adequate safeguards.[13]  These actions underscore that unnecessarily harvesting, processing, and retaining personal data not only increases regulatory exposure but also complicates discovery and heightens litigation risk.  In this evolving legal landscape, privacy and data minimization are no longer peripheral concerns—they are central to both compliance and litigation strategies.  Incorporating these considerations into Rule 26(b) proportionality analyses can help limit the scope of discovery, reduce costs, and more adequately protect sensitive information.

The Growing Call for Privacy to Be Part of the Proportionality Analysis

Some organizations devoted to thought leadership in the eDiscovery and information governance space have long advocated for privacy to be treated as a key factor in determining the appropriate scope of discovery.[14]  The Sedona Conference emphasizes this notion in various of its publications.  For instance, Principle 2, Comment 2.d of The Sedona Principles, Third Edition (2018) underscores that proportionality should encompass not only monetary costs but also non-monetary burdens such as the invasion of privacy rights and risks to confidentiality.[15]  It states:

Costs cannot be calculated solely in terms of the expense of computer technicians to retrieve the ESI, but must factor in other litigation costs…These burdens on information technology personnel and the resources required to review ESI for relevance, privilege, confidentiality, and privacy should be considered in any calculus of whether to allow discovery, and, if so, under what terms. In addition, the non-monetary costs (such as the invasion of privacy rights, risks to business and legal confidences, and risks to privileges) should be considered.[16]

Sedona Principle 3, Comment 3.a, likewise highlights the need to address privacy and confidentiality issues during Rule 26(f) conferences,[17] while Principle 10 was revised to explicitly reference privacy obligations in light of their growing significance.[18]

Similarly, the Sedona Conference Primer on Social Media, Second Edition, reinforces that proportionality inherently involves privacy considerations, urging parties to minimize unnecessary disclosure of sensitive personal information.   The Sedona Conference Primer on Social Media explains that “[t]he proportionality limitation on the scope of discovery includes two factors that implicate privacy concerns, i.e., ‘the importance of the discovery in resolving the issues, and whether the burden . . . of the proposed discovery outweighs its likely benefit.’”[19]  Although privacy is not a per se bar to discovery as in the case of legal privileges, it nevertheless states that parties “should consider managing the discovery to minimize potential embarrassment to third parties and protect against unnecessary disclosure of their sensitive personal information.”[20]

The current Electronic Discovery Reference Model (EDRM), by incorporating the Information Governance Reference Model (Version 4.1), also acknowledges and promotes the understanding that privacy is an essential consideration within the broader proportionality analysis of eDiscovery.[21]  The EDRM suggests that privacy considerations should be addressed early in the eDiscovery process, specifically during the identification and preservation stages, to mitigate potential privacy risks and avoid costly over-collection of sensitive data.  This helps to ensure that discovery efforts are balanced and do not unnecessarily infringe on individuals’ privacy rights. More specifically, the EDRM’s Privacy & Security Risk Reduction Model provides a framework for reducing the volume of private and risky data during the eDiscovery process using methods like filtering and quarantining.[22]

Last year, the Lawyers for Civil Justice (LCJ)[23] submitted a Rules Suggestion to the Advisory Committee on Civil Rules (“Advisory Committee”) advocating for amendments to Rule 26 that would explicitly incorporate privacy and cybersecurity concerns.  LCJ noted that the current rules lack clear guidance on protecting personal and confidential information and proposed that “reasonable steps” to safeguard such data be integrated into the proportionality framework.  While courts are increasingly recognizing privacy as a relevant factor, formal rule amendments could enhance consistency and provide clearer direction for litigants and judges alike.

Courts Are Increasingly Considering Data Privacy as a Component of a Rule 26(b)(1) Proportionality Analysis

Neither Rule 26(b)(1) nor the accompanying Committee Notes expressly mention privacy, and for that reason, some courts have previously declined to recognize privacy as a component of proportionality.[24]  However, in recent years, a growing number of courts have embraced privacy as a factor that can be weighed, along with other factors, in defining and limiting the scope of discovery under 26(b)(1).  Courts often evaluate privacy concerns under the factors of burden versus benefit and the importance of the discovery to resolving the issues.  Also, most courts that consider privacy as a proper basis for limiting discovery under Rule 26(b)(1) have done so in situations where a party seeks discovery of someone’s personal device or social-media account. 

In In re Social Media Adolescent Addiction/Personal Injury Products Liability Litigation, defendants sought the complete forensic imaging of Bellwether plaintiff’s personal mobile devices.[25]   Defendants argued that the information was relevant and necessary to “test Plaintiffs’ claim that their alleged addiction to Defendant’s platforms…[caused]…their claimed injuries.”  Plaintiffs argued that the wholesale production of the Plaintiffs’ devices full forensic images was “overbroad and not proportional to the needs of the case.”[26]  The court was “particularly cautious about the strong privacy interests implicated by accessing individuals’ cellphones.”[27] As such, the court denied the defendants’ blanket request and explained that “[h]andover of the complete forensic images of the devices for free inspection by Defendants’ counsel and experts imposes a significant privacy intrusion” and would potentially expose vast amounts of personal information, much of which was likely irrelevant to the issues in the litigation.[28]

Courts in the Seventh Circuit have also recognized that privacy considerations are an appropriate part of Rule 26(b)(1) proportionality analysis.  For example, in Crabtree v. Angie’s List Inc., plaintiffs sued their employers for the wrongful denial of overtime compensation.[29]  The employer moved to compel discovery of the plaintiffs’ personal computers, cell phones, and tablets to obtain geolocation information that would establish the whereabouts of the plaintiffs when they were purportedly working.[30]  Plaintiffs objected on the grounds that the request posed “significant privacy concerns” and amounted to a “fishing expedition” not relevant to the claims or defenses in the case.[31]  The court denied employer’s motion and concluded that the “forensic examination of Plaintiffs’ electronic devices is not proportional to the needs of the case because any benefit the data might provide is outweighed by Plaintiffs’ significant privacy and confidentiality interests.”[32] 

Similarly, in Estate of Logan v. City of South Bend, the plaintiff requested the production and forensic inspection of the defendant-officer’s cell phones, both “personal and city-issued.”[33]  The defendant objected, arguing that absent “any explanation to justify” the request, the inspection would be unduly intrusive.”[34]  The court found that plaintiff failed to identify how the requested cell phone information went to the “heart of the case” or was even relevant to the case, leaving it unable to determine whether the request was proportional enough to justify invading defendant’s privacy interests.[35]  The court concluded that even though the expense of the inspection “would be negligible, the likely benefit is outweighed by the Defendant’s privacy and confidentiality interests.”[36]

In conducting a Rule 26(b)(1) proportionality analysis, courts have also considered the burden and cost of redacting personal information or disaggregating data to isolate what is private.  For example, in Heredia v. Sunrise Senior Living LLC, the plaintiffs sought the resident service plans for each patient and daily resident census records for each day of the class period.[37]  The defendants objected to the requests as overbroad, not proportional to the needs of the case, not reasonably calculated to lead to the discovery of admissible evidence, and because they contain private information.[38]  In its proportionality analysis, the court considered the cost of redaction of private information in finding that defendant should produce a sample of these materials to the plaintiffs.[39] 

Similarly, in Bartis v. Biomet, Inc., plaintiff Hollins was one of many who sued a manufacturer of artificial hips, alleging substantial injuries from implantation of the device, including pain and lack of mobility.[40]  After Hollins admitted in discovery that he consistently wears a Fitbit which tracks his steps, defendant requested production of all data from the Fitbit and any other wearable device.  The court considered the relevance of the data regarding Hollins’ activity levels compared to the “extremely low burden of production.”[41]   “[C]onsidering the liberal discovery rules, minimal burden of production, and limited privacy risks,” the court found in favor of production of a portion of the Fitbit data but allowed for the redaction of irrelevant information (e.g., heart rate, sleep records, and locations) as they raised ostensible privacy concerns.[42]

Privacy’s Proper Place as A Proportionality Factor

As technology continues to evolve and personal data endlessly proliferates, courts must adapt their discovery frameworks to ensure fairness and protect individual privacy.  Rule 26(b)(1) can provide the necessary tools.  Courts and commentators increasingly recognize that privacy interests can be considered a “burden” in the proportionality analysis, and not just a financial one.  The renewed prominence of Rule 26(b)’s proportionality factors provides a strong basis for giving weight to privacy concerns when defining the proper scope of discovery.  By recognizing privacy as a legitimate factor in the proportionality analysis, courts can better balance the competing interests of discovery, dignity, relevance, and restraint.  Protective orders are important, but they should supplement, not substitute for, a robust proportionality analysis that includes legitimate privacy concerns.  The potential for invasion of privacy is a burden and potential cost to both parties and non-parties that courts should consider when determining the appropriate scope of discovery.

The views expressed in this article are those of the authors and not necessarily those of Redgrave LLP or its clients.