Our Health Care Group investigates a lawsuit against Character.AI that raises legal risks for AI platforms presenting themselves as licensed professionals and signals tightening regulatory scrutiny. AI chatbot developers could face regulatory action, private lawsuits, and reputational harm if bots imply professional credentials or offer regulated advice Federal and state authorities are increasing scrutiny of chatbot […]
Privacy & Cyber Regulatory Enforcement
Dutch DPA Fines Taxi App €100M Over Unlawful Transfers of Personal Data to Russia, Despite Use of EU Standard Contractual Clauses
On April 1, 2026, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) imposed a €100 million fine on MLU B.V., the Dutch operator of the Yango taxi app. The AP found that personal data of EU users was unlawfully transferred to affiliated entities in Russia, despite the formal use of the EU Standard Contractual Clauses […]
One Federal Privacy Bill to Rule Them All?
On April 21, 2026, Republican lawmakers on the House Energy & Commerce Committee, including Congressman Brett Guthrie and Congressman John Joyce, M.D., Leader of the Energy and Commerce Data Privacy Working Group, introduced the “Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act”, the SECURE Data Act (the “Act”). The Act is designed […]
Challenge to Utah’s App Store Accountability Act Voluntarily Dismissed Following Statutory Amendments
On April 21, 2026, the Computer & Communications Industry Association (trade association) voluntarily dismissed its constitutional challenge to the Utah App Store Accountability Act (ASAA). The dismissal follows statutory amendments enacted earlier this year that removed the Utah Attorney General’s (AG) authority to enforce the law. This sequence of events underscores the increasingly complex and […]
Britain’s Financial Regulators Raise the Bar on Cyber Reporting and Resilience
Cyber risk has shifted from a technical issue to a systemic one and Britain’s financial regulators are making that reality unmistakably clear. On March 18, 2026, the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), and Bank of England announced a new, unified cyber and operational resilience framework that strengthens the requirements on how firms […]