Overview
Megan provides clients smart and business-centered advice on data and technology matters.
Megan supports clients on data privacy, data use and ownership, and data security issues. As both a Certified Artificial Intelligence Governance Professional (AIGP) and a Certified Information Privacy Professional (CIPP), Megan routinely counsels businesses engaged in the building, development, marketing, and procurement of technology services that involve the processing of data, including personal information or protected health information. She then marries this expertise with her experience negotiating complex commercial intellectual property agreements to help clients maximize their assets and establish trustworthy and compliant systems. As a result, Megan is a go-to resource for clients and colleagues on artificial intelligence issues.
Megan’s practice includes creating clients’ privacy notices and disclosures in compliance with comprehensive U.S. state privacy laws (e.g., the CCPA), biometric information privacy laws (e.g., BIPA), children’s privacy laws (e.g., COPPA), and global privacy laws (e.g., the GDPR and LGPD); advising clients on their development or procurement of AI systems; drafting and negotiating clients’ customer, vendor, and business partner contracts; documenting data protection impact assessments; conducting gap assessments to determine areas of compliance remediation; drafting and negotiating data processing agreements; advising clients experiencing a security incident on their legal obligations and investigation strategies; acting as an outside counsel resource to internal privacy or product counsel; counseling clients on future-state technology strategies; and helping clients plan for a future corporate exit.
Megan also has significant experience working with our Corporate Division as a subject-matter-expert in the areas of intellectual property, technology, software, and data privacy and security, advising on more than 450 mergers and acquisitions, investment, and financing transactions in the past four years.
Megan serves on the Firm’s Technology Committee, Business Continuity Committee, and Generative AI Resource Group. When she joined Fredrikson, Megan managed and negotiated Fredrikson’s own vendor and service provider contracts, including contracts for software and IT assets, professional services, and access to Fredrikson facilities. As a Certified Legal Project Manager, she also has experience leading multi-year projects to improve and standardize client work product for certain key practice areas.
Services
Experience
Representative Artificial Intelligence Experience
- Analyzed the terms of a proposed agreement from a multinational technology company looking to access a publishing company’s content for the purposes of training its large-language models and algorithms. Drafted a summary of legal issues and considerations for discussion at the board level.
- Advised client on the risks associated with using a phone system that contractually permitted the vendor to use audio files and video recordings for training proprietary models and algorithms.
- Drafted guide of legal considerations when using artificial intelligence tools for client’s internal use and training.
- Negotiated license agreement with data broker providing data for use in modeling and scoring the value of marketing leads and for verifying the accuracy of various third party’s customer relationship management (“CRM”) system data.
- Negotiated specialty healthcare provider practice’s ground-level participation agreement in a multi-tenant data lake and related software system that included the training of models using de-identified data derived from PHI.
- Diligenced the development of various algorithms and models used by a target company to provide its software services to customers for the purposes of identifying any ownership, infringement, or FTC Act risks.
Representative Transactions Experience
- Overhauled client’s entire contracting process (from customer to vendor to operational partner) to address risks specific to being a software company in a highly-regulated industry looking for an exit in 1-3 years.
- Acted as key outside counsel for software company launching a novel product into the restaurant industry, ensuring that exposure was appropriately limited in each potential customer engagement and ever-adapting the contracting process to meet the technical nuances of depending upon third-party systems.
- Provided software company using global service providers’ application programming interfaces (“APIs”) advice regarding limitations of applicable license agreements and potential challenges certain terms present in the context of a future exit.
- Provided cryptocurrency mining services company advice regarding how to structure terms of a service agreement to ensure the company owns the software and technology built in connection with a particular customer engagement.
- Represented globally prominent healthcare system in its procurement of several technology products and services, including on-premise software, SaaS solutions and capital equipment.
- Represented private equity investment firm in its acquisition of a digital fundraising services company that operates a data lake and leverages several proprietary applications, algorithms and models in its business.
Representative Data Privacy & Security Services
- Advised online retailer on the use of pixels, gifs, and other tracking technologies, including how to structure website and app functionality to process opt-out requests.
- Assisted education technology company with developing and publishing privacy notices in compliance with Children’s Online Privacy Protection Act of 1998 (“COPPA”) and new product license terms that address institutional customer’s Family Educational Rights and Privacy Act (“FERPA”) and state-specific (e.g., New York State Education Law Section 2-D) obligations related to student data.
- Advised media organization on a process for responding to consumer requests made under various privacy laws, including the California Consumer Privacy Act of 2018 (“CCPA”), the EU/UK General Data Protection Regulation (“GDPR”).
- Advised a multi-location healthcare provider on considerations to be made when adopting a new process for accepting credit card payments and ensuring compliance with the Payment Card Industry Data Security Standard (“PCI DSS”).
- Drafted language for use by a fintech software company in its standard customer contracts to establish its role as a service provider for the purposes of the CCPA.
- Advised victim of credential stuffing regarding reportability requirements under applicable data breach laws.
Credentials
Education
- Certified Artificial Intelligence Governance Professional, International Association of Privacy Professionals, 2024
- Certified Information Privacy Professional/United States, International Association of Privacy Professionals, 2021
- LegalBizDev Certified Legal Project Manager® Program, 2019
- University of St. Thomas School of Law, J.D., concentration in Organizational Ethics and Compliance, magna cum laude
- DePaul University, B.A.
Admissions
- Minnesota, 2015
Clerkships
- Law Clerk, Honorable William H. Koch, State of Minnesota, 2016-2017
Recognition
- Living the Mission Award, University of St. Thomas School of Law, 2024
Civic & Professional
Professional Activities
- Minnesota State Bar Association, Member
- Hennepin County Bar Association, Member
Community
- University of St. Thomas School of Law IP and Technology Law Advisory Committee, Member
- University of St. Thomas School of Law First Year Curriculum, ROADMAP Coach
News & Insights
- Firm NewsMegan Bowman Earns Artificial Intelligence Governance Professional Certification from International Association of Privacy Professionals
- Firm NewsMegan Bowman Receives University of St. Thomas School of Law Living the Mission Award
- EventHealth Law Webinar—Digital Health Transactions: AI and Big Data
News
Speaking Engagements
Legal Updates
- Legal Update
- Legal Update
- Legal Update
- Legal Update
Publications & Presentations
Speaker, “Guidance for AI Use: Practical Scenarios and Risk Assessment,” Minnesota CLE Seminar: 2024 In-House Counsel Crash Course, November 14, 2024
Quoted, “Minnesota Attorneys Examine Patchwork of State and Federal Health Privacy Laws,” Minnesota Lawyer, April 2024
Author, "HIPPA and Beyond: The Risks and Rewards of Big Data in Healthcare," Federal Bar Association, April 2023
Author, “Inside View: Vulnerability,” Hennepin Lawyer, January/February 2021