Data Protection

FTC Targets EdTech Data Practices in Final Order Following Major Student Data Breach

June 18, 2026 By Maki DePalo, Jennifer Everett, Yin Tydir and Lili Song

On June 5, 2026, the Federal Trade Commission (“FTC”) gave final approval to a modified consent order against Illuminate Education, Inc. (“EdTech Provider”), a K-12 software vendor, settling allegations that the EdTech Provider did not adequately protect the personal data of more than 10 million students. The action — which follows a public comment period […]

Louisiana Delays App Store Accountability Effective Date to July 2027

May 27, 2026 By Maki DePalo, Daniel Felz and Hyun Jai Oh

On May 15, 2026, the Louisiana Governor signed HB 977 (Bill) into law, delaying the effective date of the Louisiana App Store Accountability Act (ASAA) by one year, to July 1, 2027. The amendments to the Louisiana ASAA come amid ongoing First Amendment challenges to similar laws in other states, and resemble recent developments in […]

NYDFS Issues Frontier AI Advisory and Guidance for Heightened Cyber Threat Environment

May 26, 2026 By Kim Peretti, Ashley Miller, Lance Taubin and Taylor Veracka

On May 21, 2026, the New York Department of Financial Services (“NYDFS”) issued two Industry Letters to the organizations it regulates (“Regulated Entities”): “Heightened Cybersecurity Risks Associated with Frontier AI Models” (the “Advisory”) and “Guidance on Measures Regulated Entities Should Consider in a Heightened Cybersecurity Threat Environment” (the “Guidance”) (collectively, the “Letters”). The Letters discuss […]

Your AI Therapist May Need a Lawyer: Pennsylvania Brings Suit Against Chatbot Developer

May 14, 2026 By Jennifer Everett, Sean Sullivan, Jennifer Pike, Sara Pullen and Jonathan Jagoda

Our Health Care Group investigates a lawsuit against Character.AI that raises legal risks for AI platforms presenting themselves as licensed professionals and signals tightening regulatory scrutiny. AI chatbot developers could face regulatory action, private lawsuits, and reputational harm if bots imply professional credentials or offer regulated advice Federal and state authorities are increasing scrutiny of chatbot […]

The Era of AI-Driven Data Breaches Has Arrived

May 13, 2026 By Amanda Wellen, Ashley Miller and Donald Houser

A recent lawsuit signals the rapid convergence of issues relating to artificial intelligence, vendor‑managed platforms, and individual arbitration in the data breach ecosystem. In Woodard v. OpenAI, Inc. & Mixpanel, Inc., Case No. 3:25-cv-10301 in the Northern District of California, Plaintiffs alleged that Mixpanel uses artificial intelligence technologies developed by OpenAI to collect user data. […]