Introduction

Recent developments in Artificial Intelligence ("AI") have brought the mainstream use of AI into our daily lives and daily work lives. While AI has been used by litigators for over a decade in e-discovery, new applications and tools that utilize AI are prompting new questions. One of these questions is: whether and how organizations can use AI without waiving privilege. Many meetings, including with legal counsel, are now conducted using videoconferencing platforms such as Microsoft Teams, Google Meet or Zoom. AI note-taking applications often 'attend' these meetings to transcribe meeting notes and generate meeting summaries. Does the presence of such an AI notetaker during a meeting result in waiving solicitor-client privilege? To answer this, we need to consider both privilege and how AI works.

Solicitor-Client Privilege

In order for solicitor-client privilege to 'attach' to a communication, an organization must: (a) intend to keep the communication confidential; and (b) act reasonably in achieving this end. Even where privilege has attached to a communication, it can still be waived by the privilege-holder. This can occur intentionally or unintentionally. A classic example, and one which is relevant here, is when a client gives a third party access to their privileged communications in a manner that fails to maintain confidentiality.

Artificial Intelligence in Meetings With Lawyers

AI's mainstream availability and use is in its infancy. However, Canadian courts and government bodies have been relatively quick to issue directions and guidance related to the use of AI (and it's anticipated that more is coming). The Law Society of British Columbia has issued a Guidance on Professional Responsibility and Generative AI and the Alberta Courts, Supreme Court of Yukon, and the Court of King's Bench of Manitoba have issued practice directions regarding the use of AI in court submissions. However, these directions and guidance have not covered the question raised about AI notetakers and privilege. In these early days, there are two ways to think about AI in the meeting context.

The first is to construe AI as a sentient being equivalent to a person attending a meeting. Through this lens, AI is arguably no different than a notetaker, simply recording what has been said at the meeting. Canadian courts have considered privilege in the context of a notetaker. They concluded that individuals and technology that simply act as messengers – like notetakers and translators – can be present for conversations without negating the formation of privilege or constituting a waiver of privilege. However, their role in the conversation and what they are permitted to do with the information they receive (or the notes they generate) should be consistent with the party's intention of keeping the communication confidential.

The second way to construe AI is as a technology, akin to something like an email server or other cloud service provider. Through this lens, the question becomes whether the provision of confidential information to, or creation of confidential information by, such a technology – both during the meeting and as a storage mechanism – effects privilege. Although the law is less clear on this point, the answer seems to come back to whether reasonable steps are taken to protect the confidentiality and privilege of the communications when using the technology, including the confidentiality, privilege and ownership of any notes or summaries generated by the AI notetaker.

Protecting Privilege and Confidentiality

Considering the foregoing, what steps can organizations take to protect confidentiality and privilege? The safest route is to turn off the notetaker application during meetings with legal counsel so there is no risk that the notes are inadvertently disclosed to another user or otherwise handled in a way that waives privilege.

However, if an organization does decide to use AI applications in the context of receiving legal advice, below are some suggestions for reducing risk to confidentiality and privilege:

  1. Vet your AI Vendor thoroughly: Not all AI products are created equal. Ensure that you are working with a reputable company with the technological capabilities to ensure that (a) your information remains confidential, (b) you retain ownership over the content that is input and generated, and (c) any licenses the AI vendor may have to content don't expose your information to a waiver of privilege. Public platforms and "free" services, generally, should be avoided given contractual risks associated with them.
  2. Negotiate the contract carefully: If you can, carefully negotiate the terms of service with your AI service provider, with special attention to the contractual provisions around confidentiality, data security, intellectual property (both ownership and license grants), data ownership, and privacy. If the AI application is being hosted on a third party's server, ensure you know where your data is being hosted (geographically) and that appropriate legal protections are in place if data will be transferred across borders.
  3. Implement the technology correctly: After purchasing an AI tool, work diligently with the vendor and your internal teams to ensure the product is set up correctly with respect to access rights, ethical walls and other confidentiality controls. Having a right to occasionally audit the AI vendors data and security practices can also be useful. Make sure your end-users are properly trained on its use, and subject to appropriate confidentiality and user policies.
  4. Ensure all privileged calls are identified: In general, organizations should start meetings with a standard statement to ensure privilege is protected. This should include: (1) stating the purpose of the meeting; (2) confirming that the content of the meeting is privileged; (3) confirming all notes will be marked as subject to a claim of solicitor-client privileged; and (4) confirming all notes are confidential and only to be made available to those who require access on a need-to-know basis.
  5. Create an AI "Notetaker" Policy: Consider adopting a policy within your organization that requires note taker AI tools to be contractually reviewed by legal counsel prior to their adoption, or ban or limit the use of such note taker in any communications with legal counsel.

Conclusion

No matter how you frame the issue, integrating AI into potentially privileged communications requires caution and attention to confidentiality, security, ownership and license rights, and data sovereignty. Organizations should integrate both technological and contractual safeguards, as well as appropriate implementation and internal policies to ensure their privileged information remains safe when using AI.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.