Privacy & Cybersecurity Litigation

Colorado Replaces Landmark AI Act—Creating New Trails for AI Rules and Private AI Litigation

May 14, 2026 By Daniel Felz, Cynthia Cole and Anna von Spakovsky

On May 12, 2026, the Colorado legislature passed SB 26-189, which repeals and replaces its landmark Artificial Intelligence Act. Colorado is doing away with the concept of “algorithmic discrimination” and moving instead to a notice- and disclosure-based regime focused on automated decision-making. This time, it does so without a carve-out for deployers who are small […]

Your AI Therapist May Need a Lawyer: Pennsylvania Brings Suit Against Chatbot Developer

May 14, 2026 By Jennifer Everett, Sean Sullivan, Jennifer Pike, Sara Pullen and Jonathan Jagoda

Our Health Care Group investigates a lawsuit against Character.AI that raises legal risks for AI platforms presenting themselves as licensed professionals and signals tightening regulatory scrutiny. AI chatbot developers could face regulatory action, private lawsuits, and reputational harm if bots imply professional credentials or offer regulated advice Federal and state authorities are increasing scrutiny of chatbot […]

The Era of AI-Driven Data Breaches Has Arrived

May 13, 2026 By Amanda Wellen, Ashley Miller and Donald Houser

A recent lawsuit signals the rapid convergence of issues relating to artificial intelligence, vendor‑managed platforms, and individual arbitration in the data breach ecosystem. In Woodard v. OpenAI, Inc. & Mixpanel, Inc., Case No. 3:25-cv-10301 in the Northern District of California, Plaintiffs alleged that Mixpanel uses artificial intelligence technologies developed by OpenAI to collect user data. […]

Challenge to Utah’s App Store Accountability Act Voluntarily Dismissed Following Statutory Amendments

April 27, 2026 By Maki DePalo and Hyun Jai Oh

On April 21, 2026, the Computer & Communications Industry Association (trade association) voluntarily dismissed its constitutional challenge to the Utah App Store Accountability Act (ASAA). The dismissal follows statutory amendments enacted earlier this year that removed the Utah Attorney General’s (AG) authority to enforce the law. This sequence of events underscores the increasingly complex and […]

CalPrivacy Goes to the Board with Digital Advertising-Focused Enforcement

March 9, 2026 By Cynthia Cole, Dorian Simmons and Anna von Spakovsky

On February 27, 2026, the California Privacy Protection Agency (“CalPrivacy”) issued an order (the “Order”) requiring a sports-focused media and technology company (the “Company”) to pay a $1.10 million administrative fine for violations of the California Consumer Privacy Act (“CCPA”). The action continues California regulators’ scrutiny of how companies deploy cookies, software development kits and […]