Balancing efficiency and privacy: AI’s impact on legal confidentiality and privilege

Friday 29 November 2024

Davinia Cutajar

WH Partners, Malta
davinia.cutajar@whpartners.eu

For centuries, the confidentiality between lawyer and client has been sacrosanct – a foundational pillar of the legal profession. From their first day as junior associates to retirement, lawyers are instilled with the understanding that client information, in any form, is inviolable. Yet as artificial intelligence (AI) becomes more integrated into legal work, a new challenge arises: can these tools, designed to enhance efficiency, avoid compromising the confidentiality that clients expect, and the law demands?

Generative AI: what it is and how lawyers use it

Generative AI, a subset of general-purpose AI systems, has gained particular prominence in recent years. These models, governed by the newly introduced Regulation (EU) 2024/1689 (the ‘AI Act’), are trained on vast datasets to produce text, images, and other forms of content. By identifying patterns and structures within data, they generate outputs that mirror the information provided.

Scepticism over the use of AI in legal practice has faded. Increasingly, professionals now rely on AI tools for tasks such as legal research and the creation of template documents. These technologies have undoubtedly enhanced workplace efficiency. However, this reliance has occasionally slipped into negligence, as evidenced by recent cases in the US and Canada where lawyers unwittingly submitted fabricated legal precedents generated by AI.

Such incidents underscore the risks inherent in AI tools – particularly regarding confidentiality. In the legal profession, breaches of confidentiality not only harm clients but also threaten the profession’s integrity. The introduction of AI into this equation raises critical questions about whether traditional notions of confidentiality can withstand this technological shift.

Confidentiality and AI: a growing risk

Confidentiality is the bedrock of the European legal system. Lawyers are bound by duty – and in some cases, law – not to disclose information shared by clients or related to their cases. This duty encompasses all forms of client-related information, whether obtained directly from the client or through third parties.

However, AI introduces a new dynamic. When lawyers use public generative AI models, there is an inherent risk that confidential information entered into these systems may be stored by the provider, potentially breaching confidentiality obligations. Even a seemingly innocuous action – such as using AI to draft an email that inadvertently includes client-specific information – can result in a serious breach.

Compounding this risk is AI's inherent data-driven nature. The information input into AI models is typically stored and used to train these systems further. Generative AI lacks the ability to distinguish between confidential and non-sensitive data, processing whatever is given to it as part of its ongoing learning. This creates a significant risk for lawyers, whose profession depends on safeguarding client confidentiality at all costs.

Legal professional privilege and AI-generated documents

Legal professional privilege (LPP), which protects communications between lawyers and clients, has long been contentious, particularly within the European Union. The principle is fundamental to the rule of law, but its scope and application can vary across jurisdictions. Recent rulings by the Court of Justice of the European Union have highlighted this ambiguity, with some judgments potentially expanding LPP’s reach.

The question is whether LPP extends to AI-generated documents. If these documents are created directly in connection with a legal matter and used for client communications, one might argue that privilege applies. However, if such documents are shared with third parties or contain information derived from public AI models, LPP’s protection becomes harder to assert. More troubling still is the possibility that the use of AI itself might compromise the privileged nature of communications, as opposing counsel could argue that AI usage undermines confidentiality.

Legal consequences for lawyers

The potential legal consequences of AI-related confidentiality breaches are yet to be fully explored within the EU. However, under the AI Act, it is conceivable that lawyers could face legal action for failing to disclose the use of AI in handling client information. If such usage leads to the unauthorised processing or transmission of confidential data, the consequences could be severe.

Lawyers also risk professional sanctions for breaches of confidentiality, regardless of the role AI plays. Many jurisdictions have codes of ethics governing how confidential information must be handled, and it is only a matter of time before these regulations explicitly address AI use. Furthermore, breaches involving AI could also fall under GDPR, where the improper handling of personal data could expose lawyers to liability.

Confidentiality is not merely a legal requirement; it is tied to fundamental human rights. Article 8 of the European Convention on Human Rights protects the right to privacy, and any breach of confidentiality risks violating this principle. As AI becomes more prevalent, the legal profession must remain vigilant to ensure its tools do not compromise these rights.

Safeguarding confidentiality in the age of AI

One potential solution is for law firms to invest in privately managed AI systems. This would allow lawyers to benefit from AI's efficiency without exposing client data to external providers. However, such systems require significant investment and expertise to manage securely.

Another, more immediate, solution is heightened caution. Lawyers must verify that no confidential information is input into AI systems unless those systems are fully secure. Furthermore, courts may soon follow the example of US states like Illinois and Texas, where standing orders mandate disclosure if a document has been AI-assisted. Such measures could serve to protect the sanctity of the courtroom from AI-driven breaches of confidentiality.

The rapid pace of AI development means that legal frameworks struggle to keep up. The potential for data breaches and misuse of confidential information is clear. If the legal profession is to continue its role as the guardian of client confidentiality, it must adapt to AI with ethical rigour, ensuring that the foundational principles of the profession are not sacrificed in the pursuit of efficiency.