Regulatory Enforcement

New York AG Announces $650,000 Settlement with Social Media App Developer for Students’ Privacy and Safety Concerns

March 12, 2025 By Alex Brown, Maki DePalo and Hyun Jai Oh

On March 7, 2025, the Office of the New York State Attorney General (NY AG) published an Assurance of Discontinuance (Assurance) settling claims against Saturn Technologies, Inc. (company), a developer of a social media app for high school students. The NY AG found that the company made unsubstantiated claims about the app’s privacy and safety […]

California Attorney General Targets Location Data in New Investigative Sweep

March 12, 2025 By David Keating and Hyun Jai Oh

This week California Attorney General Rob Bonta announced a new investigative sweep under the California Consumer Privacy Act (CCPA). We have anticipated this sweep for some time based on the focus and the direction of a number of inquiries, investigations, and enforcement proceedings initiated by Attorney General Bonta’s office over the past 12-24 months. The […]

State AGs Publish Guidance on How State Laws Apply to AI

February 3, 2025 By Daniel Felz, Jennifer Everett, Alex Brown and Dorian Simmons

On December 24, 2024 and January 13, 2025, the Oregon Attorney General’s Office and the California Attorney General’s Office published advisories (collectively, “Advisories”) explaining how existing statutes may be used to regulate, investigate and enforce against artificial intelligence (“AI”). These Advisories serve to remind AI developers, suppliers and users of heightened regulatory scrutiny of AI, […]

NYDFS Issues Final Circular Letter Guidance on Use of AI in Insurance Underwriting and Pricing

August 9, 2024 By Daniel Felz, Lance Taubin, Colton Jackson and Hyun Jai Oh

On July 11, 2024, the New York Department of Financial Services (“NYDFS”) released Insurance Circular Letter No. 7, which establishes guidelines on the use of artificial intelligence systems (“AIS”) and external consumer data and information sources (“ECDIS”) in insurance underwriting and pricing (“Final Circular Letter”). The Final Circular Letter comes in the wake of a […]

Dutch Data Protection Authority Warns that Using AI Chatbots Can Lead to Personal Data Breaches

August 9, 2024 By Wim Nauwelaerts

On August 6th, the Dutch Data Protection Authority (DPA) issued guidance cautioning companies about the potential data protection risks associated with the use of Artificial Intelligence (AI)-powered chatbots. In its guidance, the DPA reports that it has recently received several notifications of personal data breaches caused by employees sharing personal data with a chatbot that […]