Alston & Bird Privacy, Cyber & Data Strategy Blog

Colorado Replaces Landmark AI Act—Creating New Trails for AI Rules and Private AI Litigation

May 14, 2026 By Daniel Felz, Cynthia Cole and Anna von Spakovsky

On May 12, 2026, the Colorado legislature passed SB 26-189, which repeals and replaces its landmark Artificial Intelligence Act. Colorado is doing away with the concept of “algorithmic discrimination” and moving instead to a notice- and disclosure-based regime focused on automated decision-making. This time, it does so without a carve-out for deployers who are small businesses. On May 17, 2024, Colorado became the first state in the nation to enact a comprehensive AI law. The Colorado … [Read more] about Colorado Replaces Landmark AI Act—Creating New Trails for AI Rules and Private AI Litigation

Your AI Therapist May Need a Lawyer: Pennsylvania Brings Suit Against Chatbot Developer

May 14, 2026 By Jennifer Everett, Sean Sullivan, Jennifer Pike, Sara Pullen and Jonathan Jagoda

Our Health Care Group investigates a lawsuit against Character.AI that raises legal risks for AI platforms presenting themselves as licensed professionals and signals tightening regulatory scrutiny. AI chatbot developers could face regulatory … [Read more] about Your AI Therapist May Need a Lawyer: Pennsylvania Brings Suit Against Chatbot Developer

UK Cyber Security Breaches Survey 2025/2026: Key Takeaways

May 14, 2026 By Hanna Hewitt and Kelly Hagedorn

The UK Government has published its 2025/2026 Cyber Security Breaches Survey, which is drawn from information received from thousands of UK businesses. The 2025/2026 survey paints a picture of a cyber threat landscape that is stable in its scale … [Read more] about UK Cyber Security Breaches Survey 2025/2026: Key Takeaways

The Era of AI-Driven Data Breaches Has Arrived

May 13, 2026 By Amanda Wellen, Ashley Miller and Donald Houser

A recent lawsuit signals the rapid convergence of issues relating to artificial intelligence, vendor‑managed platforms, and individual arbitration in the data breach ecosystem. In Woodard v. OpenAI, Inc. & Mixpanel, Inc., Case No. 3:25-cv-10301 … [Read more] about The Era of AI-Driven Data Breaches Has Arrived

Dutch DPA Fines Taxi App €100M Over Unlawful Transfers of Personal Data to Russia, Despite Use of EU Standard Contractual Clauses

May 10, 2026 By Alice Portnoy and Wim Nauwelaerts

On April 1, 2026, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) imposed a €100 million fine on MLU B.V., the Dutch operator of the Yango taxi app. The AP found that personal data of EU users was unlawfully transferred to … [Read more] about Dutch DPA Fines Taxi App €100M Over Unlawful Transfers of Personal Data to Russia, Despite Use of EU Standard Contractual Clauses