/>iWith the increase in AI-related litigation and regulatory action, it is critical for companies to monitor the AI technology landscape and think proactively about how to minimize risk. To help companies navigate these increasingly choppy waters, we’re pleased to present part one of our series discussing emerging legal trends. Future alerts in the series will cover:
- Deep dives into regulatory activity at both the federal and state levels.
- Risk mitigation steps companies can take when vetting and adopting new AI-based technologies, including chatbots, virtual assistants, speech analytics, and predictive analytics.
- Strategies for companies that find themselves in court or in front of a regulator with respect to their use of AI-based technologies.
But first, some background.
AI on Trial: How Did We Get Here?
In October 2023, we wrote about the emerging legal risks impacting businesses using new technologies, such as AI-powered website chat functions. In Chat with Caution, we discussed a new wave of privacy litigation seeking to dramatically expand state wiretapping laws to encompass new customer service technologies, and we identified measures that companies should take to avoid being targeted.
During 2024, class action plaintiffs increased their focus on new technologies and wiretapping laws, and courts began to address some of the thornier legal issues as claims proceeded past initial pleading stages. In late October 2024, we wrote about a critical decision at the Massachusetts Supreme Judicial Court rejecting plaintiffs’ theory that wiretapping laws could be extended to website tracking technologies. Nonetheless, we noted that the decision in Massachusetts doesn’t help to resolve cases in courts in other states, especially in California, where judges may reach different conclusions.
Meanwhile, regulators at the Federal Trade Commission (FTC) recently launched “Operation AI Comply,” which it describes as a “new law enforcement sweep,” related to using new AI technologies in misleading or deceptive ways.
And, while the incoming administration may have different enforcement priorities regarding AI, Operation AI Comply is rooted in concerns about Big Tech that are shared by the leadership in both political parties.
Additionally, the FTC’s actions to date under Operation AI Comply are tied to their longstanding authority over deceptive trade practices — meaning that any substantial shifts in focus are unlikely in the short-term. Regulatory action is not limited to the federal level – state attorneys general are taking notice as well, including in states that are litigation hotbeds, such as Massachusetts and California.
Plaintiffs Break Through in Federal Court
Though many courts have rejected the argument that wiretapping laws apply to new technologies such as chatbots, including the recent decision by the Massachusetts Supreme Judicial Court in Vita v. New England Baptist Hospital, plaintiffs have found success in the U.S. District Court for the Northern District of California.
In Yockey v. Salesforce, plaintiffs survived a motion to dismiss after sufficiently arguing that an undisclosed third-party chatbot service provider violated wiretapping laws because it both intercepted the chats before they arrived at the intended recipient (pharmacies with whom the customers thought they were chatting) and had the ability to use the intercepted chats for their own purposes, such as to improve its own products and services and for analytics.
Even though the pharmacies authorized the third party to provide a chatbot service, users were not made aware of this arrangement and did not consent to that third party receiving and transmitting their communications.
In courts that adopt a broad interpretation of wiretap laws, future cases could extend to other technologies beyond chatbots, such as scribing technologies, customer service center analytics and evaluation software, and other digital customer service tools.1
By the same token, future decisions could reject the reasoning in Yockey, at least with respect to technologies that simply record basic data points about a user’s behavior on a site but do not record the contents of a communication.
Even in courts that have rejected a broad interpretation of state wiretap laws, the risk of litigation remains, as plaintiffs shift their focus to federal wiretap laws paired with other state laws. This strategy was seen most recently in the amended complaint in Doe v. Atrius Health, Inc., where in response to the Vita decision, the plaintiff replaced a Massachusetts Wiretap Act claim with a Federal Wiretap Act claim and six state law claims, and subsequently removed the case to federal court.2 A similar strategy was also adopted in McManus v. Tufts Medical Center, Inc.3
Moving claims to federal court, however, may not be a panacea, as plaintiffs are likely to face additional hurdles. A recent example can be found in the Ninth Circuit. In Daghaly v. Bloomingdales, LLC, the plaintiff argued that Bloomingdales’ use of advertising technologies on its website violated the California Invasion of Privacy Act (CIPA).
The Ninth Circuit affirmed dismissal of the case without reaching the question of whether CIPA applies. Because the data transmitted to third parties was limited to information about the site visit and did not include meaningful communications, the court found that the plaintiff had not met the injury threshold required to access federal courts.
The law in this area is quickly evolving, and courts will likely continue to adopt differing views. We will continue to monitor the evolving case law and share additional information in future alerts in this series.
1See, e.g., Class Action Complaint and Demand for Jury Trial, Paulino v. Navy Federal Credit Union, No. 24-cv-03298 (N.D. Cal. May 31, 2024) (customer call center technology). The case has since been voluntarily dismissed and, at the time of writing, no information could be found on subsequent filings by the plaintiff.
2See Defendant’s Notice of Removal, at 3, Doe v. Atrius Health, Inc., No. 1:25-cv-10020 (D. Mass. Jan. 3, 2025).
3No. 1:25-cv-10008 (D. Mass. Jan. 2, 2025).
