Alston & Bird Privacy, Cyber & Data Strategy Blog

FTC Sends Letters Reminding Data Brokers of their Obligations under PADFAA

February 25, 2026 By Jennifer Everett, Daniel Felz, Alex Brown and Santi Villar

On February 9, 2026, the Federal Trade Commission (“FTC”) sent letters to thirteen data brokers reminding them of their obligations to comply with the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (“PADFAA”). We previously wrote an article and Peter Swire published a white paper at the Cross-Border Data Forum (“CBDF”) describing PADFAA in detail. PADFAA went into effect on June 24, 2024. PADFAA regulates “data brokers”, which are defined as any entity that “for valuable … [Read more] about FTC Sends Letters Reminding Data Brokers of their Obligations under PADFAA

Spanish DPA Releases Agentic AI Guidance

February 23, 2026 By Alice Portnoy and Wim Nauwelaerts

On 18 February 2026, the Spanish Data Protection Authority (Agencia Española de Protección de Datos or ‘AEPD’) published an 81‑page guidance document on the privacy aspects of AI systems operating as agents - commonly referred to as ‘agentic AI’. The … [Read more] about Spanish DPA Releases Agentic AI Guidance

Federal Court Rules using AI Tools can Waive Privilege, Even if Privileged Information is Input into Them

February 16, 2026 By Daniel Felz, Dorian Simmons and Christian Seremetis

On February 10, 2026, the U. S. District Court for the Southern District of New York held that a criminal defendant could not claim attorney-client privilege over documents he produced using a commercially available artificial intelligence (“AI”) … [Read more] about Federal Court Rules using AI Tools can Waive Privilege, Even if Privileged Information is Input into Them

New Jersey Expands HIPAA-Based Exemptions Under Its Comprehensive Privacy Law

February 16, 2026 By Jennifer Everett, Dorian Simmons and Sara Pullen

On January 20, 2026, the New Jersey Governor signed Assembly Bill A5017 (“Amendment”), amending the New Jersey Data Protection Act (“NJDPA”). The Amendment exempts data that is not protected health information (“non-PHI”) from the NJDPA when it is … [Read more] about New Jersey Expands HIPAA-Based Exemptions Under Its Comprehensive Privacy Law

FBI Launches Operation Winter SHIELD in Effort to Advance Cyber Resilience Across Critical Sectors

February 4, 2026 By Kim Peretti, Lance Taubin and Andrew Rice

On January 28, 2026, the Federal Bureau of Investigation (FBI) announced the launch of Operation Winter SHIELD, a coordinated initiative designed to promote adoption of core defensive measures that are shown to mitigate common intrusion vectors. … [Read more] about FBI Launches Operation Winter SHIELD in Effort to Advance Cyber Resilience Across Critical Sectors