<

Judge Xavier Rodriguez: Who has “Possession, Custody, or Control” of the Employee’s Personal Mobile Device? Time for Amendments to the Federal Rules

Extract from Judge Xavier Rodriguez’s article, “Who has “Possession, Custody, or Control” of the Employee’s Personal Mobile Device? Time for Amendments to the Federal Rules.”

Abstract
As mobile devices have become indispensable tools for professional communication, the distinction between personal and business data has blurred—creating critical challenges for litigators and organizations navigating discovery obligations. This Article explores the evolving jurisprudence surrounding whether and when a corporate defendant has “possession, custody, or control” over data stored on an employee’s personal mobile device. Drawing from a recorded podcast conversation1 and expanding on the legal foundations, I scrutinize the two primary frameworks courts use to analyze control—the “legal right” test and the “practical ability” test—and question their fitness in the context of modern mobile usage patterns.

This Article evaluates competing conceptions of “control” against three core criteria: (1) doctrinal coherence with the text and structure of the Federal Rules; (2) ex ante predictability for litigants and courts; and (3) the ability to reduce socially costly errors—particularly spoliation risk and unnecessary invasions of employee privacy. A test is “adequate,” in this sense, if it supplies administrable guidance ex ante, produces reasonably consistent outcomes across jurisdictions, and does not systematically externalize preservation burdens onto individual employees or shield parties who exploit technical arrangements to avoid discovery. Given this measurement, both the legal right and practical ability tests are inadequate: the former is underinclusive and encourages evasion, while the latter is overinclusive, unevenly applied, and insensitive to privacy and power imbalances.

This Article also considers the growing disconnect between technological reality and static discovery rules, emphasizing the need for clarity in preservation and production expectations. Finally, this Article addresses the implications of emerging state statutory and case law developments regarding privacy, the General Data Protection Regulation,2 and the Hague Evidence Convention3 (where an employer’s limited control over personal devices may be further complicated by these privacy laws and jurisdictional boundaries). In response, this Article proposes a more functional approach to assessing control and offers practical recommendations for litigators, courts, and policymakers to modernize discovery frameworks in a Bring Your Own Device (BYOD) world.

This Article proposes an agency‑anchored conception of “control” as one promising candidate for a more uniform national standard. Under this approach, a rebuttable presumption of control would attach to electronically stored information (ESI) on the personal devices of officers, directors, and individuals with meaningful managerial authority acting within the scope of their agency. In contrast, other employees’ devices would ordinarily be treated as outside the responding party’s control and only reachable, if at all, through Rule 45.

Read more here

ACEDS