Alston & Bird Privacy, Cyber & Data Strategy Blog

Your AI Therapist May Need a Lawyer: Pennsylvania Brings Suit Against Chatbot Developer

May 14, 2026 By Jennifer Everett, Sean Sullivan, Jennifer Pike, Sara Pullen and Jonathan Jagoda

Our Health Care Group investigates a lawsuit against Character.AI that raises legal risks for AI platforms presenting themselves as licensed professionals and signals tightening regulatory scrutiny. AI chatbot developers could face regulatory action, private lawsuits, and reputational harm if bots imply professional credentials or offer regulated advice Federal and state authorities are increasing scrutiny of chatbot design, marketing, and the effectiveness of disclaimers Businesses … [Read more] about Your AI Therapist May Need a Lawyer: Pennsylvania Brings Suit Against Chatbot Developer

UK Cyber Security Breaches Survey 2025/2026: Key Takeaways

May 14, 2026 By Hanna Hewitt and Kelly Hagedorn

The UK Government has published its 2025/2026 Cyber Security Breaches Survey, which is drawn from information received from thousands of UK businesses. The 2025/2026 survey paints a picture of a cyber threat landscape that is stable in its scale … [Read more] about UK Cyber Security Breaches Survey 2025/2026: Key Takeaways

The Era of AI-Driven Data Breaches Has Arrived

May 13, 2026 By Amanda Wellen, Ashley Miller and Donald Houser

A recent lawsuit signals the rapid convergence of issues relating to artificial intelligence, vendor‑managed platforms, and individual arbitration in the data breach ecosystem. In Woodard v. OpenAI, Inc. & Mixpanel, Inc., Case No. 3:25-cv-10301 … [Read more] about The Era of AI-Driven Data Breaches Has Arrived

Dutch DPA Fines Taxi App €100M Over Unlawful Transfers of Personal Data to Russia, Despite Use of EU Standard Contractual Clauses

May 10, 2026 By Alice Portnoy and Wim Nauwelaerts

On April 1, 2026, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) imposed a €100 million fine on MLU B.V., the Dutch operator of the Yango taxi app. The AP found that personal data of EU users was unlawfully transferred to … [Read more] about Dutch DPA Fines Taxi App €100M Over Unlawful Transfers of Personal Data to Russia, Despite Use of EU Standard Contractual Clauses

One Federal Privacy Bill to Rule Them All?

April 29, 2026 By Jennifer Everett, Jennifer Pike and Sara Pullen

On April 21, 2026, Republican lawmakers on the House Energy & Commerce Committee, including Congressman Brett Guthrie and Congressman John Joyce, M.D., Leader of the Energy and Commerce Data Privacy Working Group, introduced the “Securing and … [Read more] about One Federal Privacy Bill to Rule Them All?