Alston & Bird Privacy, Cyber & Data Strategy Blog

Privacy & Cyber Regulatory Enforcement

Colorado Replaces Landmark AI Act—Creating New Trails for AI Rules and Private AI Litigation

By , and

On May 12, 2026, the Colorado legislature passed SB 26-189, which repeals and replaces its landmark Artificial Intelligence Act. Colorado is doing away with the concept of “algorithmic discrimination” and moving instead to a notice- and disclosure-based regime focused on automated decision-making. This time, it does so without a carve-out for deployers who are small […]

Your AI Therapist May Need a Lawyer: Pennsylvania Brings Suit Against Chatbot Developer

By , , , and

Our Health Care Group investigates a lawsuit against Character.AI that raises legal risks for AI platforms presenting themselves as licensed professionals and signals tightening regulatory scrutiny. AI chatbot developers could face regulatory action, private lawsuits, and reputational harm if bots imply professional credentials or offer regulated advice Federal and state authorities are increasing scrutiny of chatbot […]

Dutch DPA Fines Taxi App €100M Over Unlawful Transfers of Personal Data to Russia, Despite Use of EU Standard Contractual Clauses

By and

On April 1, 2026, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) imposed a €100 million fine on MLU B.V., the Dutch operator of the Yango taxi app. The AP found that personal data of EU users was unlawfully transferred to affiliated entities in Russia, despite the formal use of the EU Standard Contractual Clauses […]

One Federal Privacy Bill to Rule Them All?

By , and

On April 21, 2026, Republican lawmakers on the House Energy & Commerce Committee, including Congressman Brett Guthrie and Congressman John Joyce, M.D., Leader of the Energy and Commerce Data Privacy Working Group, introduced the “Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act”, the SECURE Data Act (the “Act”). The Act is designed […]

Challenge to Utah’s App Store Accountability Act Voluntarily Dismissed Following Statutory Amendments

By and

On April 21, 2026, the Computer & Communications Industry Association (trade association) voluntarily dismissed its constitutional challenge to the Utah App Store Accountability Act (ASAA). The dismissal follows statutory amendments enacted earlier this year that removed the Utah Attorney General’s (AG) authority to enforce the law. This sequence of events underscores the increasingly complex and […]