Alston & Bird Privacy, Cyber & Data Strategy Blog

On April 1, 2026, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) imposed a €100 million fine on MLU B.V., the Dutch operator of the Yango taxi app. The AP found that personal data of EU users was unlawfully transferred to affiliated entities in Russia, despite the formal use of the EU Standard Contractual Clauses […]

The post

On April 21, 2026, Republican lawmakers on the House Energy & Commerce Committee, including Congressman Brett Guthrie and Congressman John Joyce, M.D., Leader of the Energy and Commerce Data Privacy Working Group, introduced the “Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act”, the SECURE Data Act (the “Act”). The Act is designed […]

  On March 16, 2026, the Delaware Court of Chancery issued an opinion finding that the CEO of a major gaming company followed guidance from ChatGPT (referred to here as the “AI Tool“”) to breach a $500 million acquisition agreement. This dispute joins a growing list of cases in which chatbot records have entered the […]

The post

On April 7, 2026, several plaintiffs (“Plaintiffs”) filed a putative class action complaint in the Northern District of California against Sutter Health, Memorial Health Services Inc. and Memorial Care Medical Foundation (the “Providers”).  The complaint alleges the Providers illegally recorded Plaintiffs’ confidential medical information by using an AI-powered “ambient ...

On April 21, 2026, the Computer & Communications Industry Association (trade association) voluntarily dismissed its constitutional challenge to the Utah App Store Accountability Act (ASAA). The dismissal follows statutory amendments enacted earlier this year that removed the Utah Attorney General’s (AG) authority to enforce the law. This sequence of events underscores the...