Megan A. Bowman, CIPP, AIGP

Megan is Chair of the Firm’s Artificial Intelligence Practice and a leading advisor to companies that build, deploy, and use artificial intelligence and data driven technologies. As both a Certified Artificial Intelligence Governance Professional (AIGP) and a Certified Information Privacy Professional (CIPP), Megan is a sought after authority on AI governance, data protection, and emerging technology regulation.

Megan advises clients across the full AI lifecycle—from conception and development through deployment, commercialization, and exit—delivering practical, business centered guidance that enables innovation while managing regulatory, contractual, and operational risk. Her clients include technology companies, healthcare organizations, SaaS providers, digital platforms, and investors relying on AI as a core business capability.

Her practice focuses on:

• Advising companies on the development, procurement, and deployment of AI systems, including governance frameworks, internal controls, and risk management strategies
• Drafting and negotiating AI related commercial agreements, including customer, vendor, licensing, and data processing agreements
• Counseling clients on compliance with AI specific and data protection laws, including the EU AI Act, U.S. state privacy laws (such as the CCPA/CPRA), biometric privacy laws (including BIPA), children’s privacy laws (such as COPPA), and global privacy regimes including GDPR and LGPD
• Leading AI, data protection, and algorithmic impact assessments, gap assessments, and compliance remediation efforts
• Serving as an outside AI, privacy, and product counsel to in house legal, product, and engineering teams
• Advising on future state technology strategy, AI commercialization, and risk positioning in advance of financings, acquisitions, and corporate exits

Megan also works closely with the Firm’s Corporate Division as a subject matter expert in AI, intellectual property, technology, and data privacy, leading and supporting AI focused diligence in mergers, acquisitions, investments, and financings.

In addition to her client work, Megan plays an active role in advancing and modernizing the practice of law, supporting the Firm’s efforts on the responsible adoption, governance, and internal use of AI technologies in legal service delivery.

Megan serves as an Adjunct Professor at the University of St. Thomas School of Law, where she teaches “AI and the Law,” preparing the next generation of lawyers to navigate the legal, ethical, and practical challenges of artificial intelligence.

Representative Artificial Intelligence Experience

• Analyzed the terms of a proposed agreement from a multinational technology company looking to access a publishing company’s content for the purposes of training its large-language models and algorithms. Drafted a summary of legal issues and considerations for discussion at the board level.
• Advised client on the risks associated with using a phone system that contractually permitted the vendor to use audio files and video recordings for training proprietary models and algorithms.
• Drafted guide of legal considerations when using artificial intelligence tools for client’s internal use and training.
• Negotiated license agreement with data broker providing data for use in modeling and scoring the value of marketing leads and for verifying the accuracy of various third party’s customer relationship management (CRM) system data.
• Negotiated specialty healthcare provider practice’s ground-level participation agreement in a multi-tenant data lake and related software system that included the training of models using de-identified data derived from PHI.
• Diligenced the development of various algorithms and models used by a target company to provide its software services to customers for the purposes of identifying any ownership, infringement, or FTC Act risks.

Representative Transactions Experience

• Overhauled client’s entire contracting process (from customer to vendor to operational partner) to address risks specific to being a software company in a highly-regulated industry looking for an exit in 1-3 years.
• Acted as key outside counsel for software company launching a novel product into the restaurant industry, ensuring that exposure was appropriately limited in each potential customer engagement and ever-adapting the contracting process to meet the technical nuances of depending upon third-party systems.
• Provided software company using global service providers’ application programming interfaces (APIs) advice regarding limitations of applicable license agreements and potential challenges certain terms present in the context of a future exit.
• Provided cryptocurrency mining services company advice regarding how to structure terms of a service agreement to ensure the company owns the software and technology built in connection with a particular customer engagement.
• Represented globally prominent healthcare system in its procurement of several technology products and services, including on-premise software, SaaS solutions and capital equipment.
• Represented private equity investment firm in its acquisition of a digital fundraising services company that operates a data lake and leverages several proprietary applications, algorithms and models in its business.

Representative Data Privacy and Security Services

• Advised online retailer on the use of pixels, gifs, and other tracking technologies, including how to structure website and app functionality to process opt-out requests.
• Assisted education technology company with developing and publishing privacy notices in compliance with Children’s Online Privacy Protection Act of 1998 (COPPA) and new product license terms that address institutional customer’s Family Educational Rights and Privacy Act (FERPA) and state-specific (e.g., New York State Education Law Section 2-D) obligations related to student data.
• Advised media organization on a process for responding to consumer requests made under various privacy laws, including the California Consumer Privacy Act of 2018 (CCPA), the EU/UK General Data Protection Regulation (GDPR).
• Advised a multi-location healthcare provider on considerations to be made when adopting a new process for accepting credit card payments and ensuring compliance with the Payment Card Industry Data Security Standard (PCI DSS).
• Drafted language for use by a fintech software company in its standard customer contracts to establish its role as a service provider for the purposes of the CCPA.
• Advised victim of credential stuffing regarding reportability requirements under applicable data breach laws.

Education

• Certified Artificial Intelligence Governance Professional, International Association of Privacy Professionals, 2024
• Certified Information Privacy Professional/United States, International Association of Privacy Professionals, 2021
• LegalBizDev Certified Legal Project Manager^® Program, 2019
• University of St. Thomas School of Law, J.D., concentration in Organizational Ethics and Compliance, magna cum laude
• DePaul University, B.A.

Admissions

• Minnesota, 2015

Clerkships

• Law Clerk, Honorable William H. Koch, State of Minnesota, 2016-2017

• Dean's Award for Outstanding Teaching, University of St. Thomas School of Law, 2026
• Living the Mission Award, University of St. Thomas School of Law, 2024

Professional Activities

• Minnesota State Bar Association, Member
• Hennepin County Bar Association, Member

Community

• University of St. Thomas School of Law, Adjunct Professor, “AI and the Law”
• University of St. Thomas School of Law IP and Technology Law Advisory Committee, Member
• University of St. Thomas School of Law First Year Curriculum, ROADMAP Coach