Key Issues in Negotiating AI Technology Vendor Contracts: IP, privacy, cybersecurity, and liability

Julia B. Jacobson | Squire Patton Boggs 

A significant portion of Julia’s practice is devoted to advising clients on an array of privacy, cybersecurity, data breach and data governance matters. She assists clients with the design and development of privacysensitive policies for the collection and use of personal data. Julia regularly advises businesses on the privacy and cybersecurity aspects of environmental, social and governance (ESG) programs, ethical data use, machine learning and artificial intelligence, vendor contracting and management and business sales, combinations and acquisitions.

She has helped her clients design, develop and implement compliance programs to meet the challenges of the evolving privacy and cybersecurity law landscape, including the California Consumer Privacy Act and other US state privacy and cybersecurity laws, the EU’s General Data Protection Regulation, the UK Data Protection Act 2018, cross-border personal data transfers and New York Department of Financial Services Cybersecurity Regulations, as well as to align with industry standards, including the National Institute of Standards and Technology (NIST) cybersecurity and privacy frameworks, and ESG standards and frameworks. Julia also serves as the data breach coach for several national and international clients.

Alexandra (Sasha) Kiosse | Squire Patton Boggs

Alexandra (Sasha) Kiosse is an associate who splits her time between the Data Privacy, Cybersecurity & Digital Assets Practice and the Corporate Practice. Sasha advises national and international companies on data privacy, artificial intelligence and other emerging technology, and corporate law matters.

In the Data Privacy, Cybersecurity & Digital Assets Practice, Sasha assists clients in developing and implementing a wide range of compliance policies, notices and assessments to meet laws and industry frameworks. Her practice includes advising organizations on privacy issues associated with children’s data, cross-border data transfers, the complex data use and protection issues involved with emerging technology, and the changing US privacy and cybersecurity law landscape. Within the Corporate Practice, she advises corporate clients on merger and acquisition transactions and corporate governance.

Michael R. Overly | Foley & Lardner LLP

Michael Overly is a partner in Foley & Lardner’s Information Technology & Outsourcing Group and Privacy, Security and Information Management Groups. He is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified in Risk and Information Systems Controls (CRISC), Certified Outsourcing Professional (COP), and Certified Information Privacy Professional (CIPP) certifications.

He writes and speaks frequently regarding negotiating and drafting technology transactions and the legal issues of technology in the workplace, email, and electronic evidence. He has written numerous articles and books on these subjects and is a frequent commentator in the national press (e.g., the New York Times, Chicago Tribune, Los Angeles Times, Wall Street Journal, ABCNEWS.com, CNN, and MSNBC) and has testified before the U.S. Congress regarding online issues.

Ashley M. Kennedy | Foley & Lardner LLP

Ashley Kennedy is a Technology, Transactions, Cybersecurity & Privacy Practice Group member within Foley & Lardner’s Intellectual Property Department. Ashley provides counsel on structuring and negotiating technology agreements to create strategic and advantageous business relationships between companies. She has experience drafting and negotiating commercial agreements, including intellectual property licenses, software-as-a-service agreements, master services agreements, distribution agreements, non-disclosure agreements, and technology transfer agreements. Ashley also has experience structuring and addressing the intellectual property components of mergers and acquisitions and other corporate transactions.

Tyler J. Thompson | Reed Smith LLP

Tyler advises clients on data privacy and protection, technology contracts and contract processes, websites and mobile apps, digital accessibility, artificial intelligence, and data issues in the franchise space. He offers clients practical and efficient legal counsel, striving to manage costs and risks with business-friendly strategies. With deep experience in digital compliance, Tyler focuses on handling all aspects of a client’s website, platform, game, or mobile app to achieve compliance while maintaining the best user experience. His practice also focuses on creating enforceable digital agreements with users. He also helps clients reduce website scraping risks.

Tyler has designed and implemented privacy compliance programs for clients ranging from Fortune 500 companies to startups, ensuring those clients are compliant with U.S. and international privacy laws. Advice on those programs includes, among other things, data retention and minimization, privacy by design, data inventories, and privacy impact assessments. Tyler is accredited by the American Bar Association and the International Association of Privacy Professionals (IAPP) as a Privacy Law Specialist. He is also certified by the IAPP as a Fellow of Information Privacy (FIP), Certified Information Privacy Professional for the United States (CIPP/US), Europe (CIPP/E), Asia, (CIPP/A) and Canada (CIPP/C) as well as a Certified Information Privacy Manager (CIPM) and Certified Information Privacy Technologist (CIPT). Tyler is also an ISACA Certified Data Privacy Solutions Engineer (CDPSE).

In the technology space, Tyler counsels on artificial intelligence (including generative AI and LLMs), open-source software, digital marketing, software licensing, and SaaS agreements. Tyler works with clients to modernize commercial contracting processes and privacy practices, enabling in-house attorneys to function more efficiently and conserve resources. He is certified by the IAPP as an Artificial Intelligence Governance Professional (AIGP). Tyler focuses on hard-to-draft agreements, combining elements of data rights, digital compliance, and emerging technologies.

Outside of the firm, Tyler practices archery, is an FAA certified private pilot, and a PADI certified SCUBA diver. He is on a mission to see every national park, MLB stadium, and good tiki bar in the United States.

Morgan Jones | Brown Rudnick LLP

Morgan Jones is an associate in the firm’s Corporate Practice Group and a member of the Emerging Growth Companies & Venture Capital Group. He represents early- and growth-stage technology companies through all stages of the technology lifecycle, from structuring, formation, financing, licensing, and data privacy matters through exit. He works closely with companies to launch and develop products, build customers and scale, acquire technology assets, draft a wide variety of commercial agreements, negotiate customer transactions, and strategic partnerships. He also advises companies on best practices for product development where there is little existing regulation and high potential liability, particularly in the field of artificial intelligence.

As an EU/U.S. certified information privacy professional (CIPP) and a privacy law specialist (PLS), he frequently advises companies on legal and operational compliance with various privacy laws on a global level, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) among others. Morgan uses this knowledge to regularly guide companies in responding to data breaches and cyberattacks and interacting with regulators and customers after a breach.

Morgan also regularly counsels clients in developing and maintaining their trademark portfolios, and preparing strong assets to maximize corporate value, both with consumers and with licensing marks to partners. Morgan received his J.D. from Seton Hall University School of Law and his B.S. from Rutgers University School of Engineering.

• Common uses of AI technology
  
• How AI technology is similar to and different from other types of technology
  
• The AI legal framework
  
• Vendor selection factors unique to AI technology vendors
  

Break | 11:30am – 11:40am

Session II – Negotiation Tactics for Al Technology Vendor Contracts | 11:40am – 12:40pm

• Data ownership
  
• Jurisdictional considerations
  
• Representations and warranties
  
• Indemnities and liability caps
  

Break | 12:40pm – 12:50pm

Session III –Effective Vendor Contract Management: Minimizing risk in AI, cloud services, and software agreements | 12:50pm – 3:00pm

• Understanding the key risks and common pitfalls in cloud services and software license agreements

Break | 1:50pm – 2:00pm

Session IV — Privacy and Security Considerations in AI Vendor Contracts | 3:10pm – 4:10pm

• Data protection addendums in the AI context
• Security considerations and provisions
• Notice and transparency issues
• Potential privacy and security risk while using AI

Break | 4:10pm – 4:20pm

Session V – Considerations in Software and Cloud Services Agreements | 4:20pm – 5:20pm

• Key considerations with respect to cloud services agreements
• Understanding software licensing agreements
• Negotiating software licensing agreements
• Approaching unique opportunities and challenges involving artificial intelligence and machine learning