U.S. Privacy and Data Protection Updates | Insights | Q1 2026 (Federal Law)

The FTC is using AI enforcement to push longstanding privacy themes: truthful data related claims, clear disclosures, and easy ways to stop or avoid unwanted data use.

FTC’s AI Focus: Deception and Dark Patterns

Recent FTC actions show an agency treating AI as another context where unfair or deceptive data practices may face legal action. Enforcement has emphasized efforts on misleading AI marketing, opaque data uses, and hard to cancel subscriptions that quietly extend data collection and monetization.

AI Washing and Accuracy Claims

• The FTC has repeatedly warned that there is no “AI exemption” from truth in advertising; companies must have solid substantiation for claims about accuracy, safety, or performance of AI tools.

• In cases involving tools like AI content detectors and facial recognition systems, the agency alleged that vendors overstated detection rates and understated bias, effectively misleading customers about how reliable the technology was in real world use.

Dark Patterns and “Sticky” Subscriptions

• The Commission continues to bring cases where AI-enabled services use manipulative flows to nudge users into recurring subscriptions and make cancellation difficult.

• For AI-powered platforms that rely on ongoing data flows (e.g., behavioral or usage data), these dark patterns raise both deception and privacy concerns, because consumers are not given a fair chance to stop the data collection associated with paid plans.

Examples: AI Products, Privacy Problems

Across sectors, AI enforcement has doubled as privacy enforcement by targeting how tools collect, use, and represent consumer data.

JustAnswer (Pearl / AI Q&A platform)

• In a 2026 lawsuit, the FTC alleged that an AI-powered Q&A service tricked users into costly, recurring subscriptions by obscuring terms and making cancellation difficult.

• Because the platform relied on detailed user queries and profiles, the alleged deception effectively prolonged access to—and monetization of—sensitive consumer information.
  

Cleo AI (fintech budgeting assistant)

• Cleo agreed to pay millions to resolve claims that it misled consumers about cash advance amounts and made it hard to cancel subscriptions.

• The case highlights how AI-driven financial tools can blur the line between helpful “advice” and aggressive data-driven product steering, especially when users are not clearly told what data is collected, how it is used, and what happens if they try to exit.

DoNotPay and IntelliVision (legal and facial recognition tools)

• The FTC took action against DoNotPay, the self-described “robot lawyer,” for promising that its AI could replace human attorneys when it allegedly could not deliver; the settlement required payments and clear disclosures about limitations.

• IntelliVision was charged with making false statements about the accuracy and bias of its facial recognition product, underscoring that claims about fairness and nondiscrimination must be backed by robust testing.

Privacy Takeaways for AI Builders and Buyers

For companies developing or deploying AI tools, these enforcement trends offer a concrete compliance checklist.

• Align marketing with reality

• Avoid sweeping claims that AI is “100% accurate,” “bias-free,” or a full replacement for professionals unless you have rigorous, documented evidence that matches those promises.

• Disclose material limitations—such as false positive rates, domain restrictions, or the need for human review—especially where users might rely on outputs for legal, health, financial, or safety critical decisions.

• Make data practices transparent

• Clearly describe what personal data the AI collects (inputs, logs, inferred data), how it is used, and whether it is shared or used to train models.

• Provide layered disclosures that are easy to find in product flows, not just in long privacy policies or terms of service.

• Avoid dark patterns in signups and cancellations

• Structure subscription and upgrade paths so that key terms (billing, renewal, and data use) are obvious, and cancellation is as easy as signup.

• Make sure users can terminate both the service and the associated data use without navigating hidden menus or confusing interfaces.

• Build and document testing

• For tools that hinge on accuracy, bias reduction, or safety (e.g., detectors, scoring systems, security scanners), maintain written testing protocols and results that can substantiate your claims.

• Consider independent audits or third-party testing where appropriate, particularly for facial recognition, risk scoring, or other sensitive AI applications.

If your organization is building or deploying AI tools, Kronenberger Rosenfeld, LLP can help you navigate the fastmoving AI, privacy, and FTC enforcement landscape. The firm’s AI compliance attorneys design practical, business-friendly compliance programs that account for U.S. agency guidance, emerging international rules, and real-world product constraints.​ To discuss how the firm can support your AI compliance strategy, contact us today through our online submission form.