Rather than waiting for AI-specific legislation, plaintiffs are trying to fit AI-related conduct into existing statutes, many of which contain statutory damages provisions. As a result, companies training, deploying, and monetizing AI systems face heightened exposure to wiretap, biometric privacy, employment-discrimination, consumer-protection, and common-law privacy theories.
1. Wiretap and Eavesdropping Statutes for AI Chatbots, Voice Agents, and Conversational Analytics
Claims under the federal Wiretap Act, Electronic Communications Privacy Act, and state laws such as the California Invasion of Privacy Act (“CIPA”) have long targeted session-replay vendors and call-recording systems. Plaintiffs are now applying those same theories to AI-powered customer service tools, voice assistants, transcription systems, and conversational analytics platforms.
Plaintiffs are alleging that AI vendors used customer communications for their own commercial purposes, such as model training or product improvement – not just to help the business they’re contracting with accomplish its purposes. These claims are meeting mixed results at the motion to dismiss stage.
In Ambriz v. Google (N.D. Cal., filed Oct. 2023), the court held Google’s contact-center AI functioned as a participant rather than a third-party eavesdropper. Lisota v. Heartland Dental / RingCentral (N.D. Ill., filed July 2025) reached a similar conclusion under the federal Wiretap Act’s “ordinary course of business” exception, holding that internal use doesn’t reach the public and training your own model is different from selling ad targeting. And in Riganian v. LiveRamp (N.D. Cal., filed Jan. 2025) CIPA and Wiretap Act claims survived dismissal based on allegations involving large-scale collection and monetization of personal data through tracking technologies.
But other courts have reached the opposite conclusion. In Taylor v. ConverseNow Technologies, Inc. (N.D. Cal., filed Jan. 2025), CIPA claims survived against an AI restaurant-ordering vendor alleged to have used customer calls to improve its conversational AI systems. Tate v. VITAS Healthcare Corp. (E.D. Cal., filed May 2024) similarly permitted claims involving third-party AI conversation software used during healthcare calls to survive dismissal.
2. Common-Law Privacy, Unfair Competition, and Anti-Hacking Theories for AI Data Scraping and Training
Unlike many other categories discussed here, these cases primarily target AI developers rather than downstream deployers. Where developers scrape, aggregate, or monetize personal data to train and improve AI systems, plaintiffs are alleging common-law privacy claims, unfair competition theories, and violations of consumer protection laws and the Computer Fraud and Abuse Act.
In Reddit v. Anthropic (Cal. Super. Ct., filed June 2025), Reddit sued alleging breach of contract, unjust enrichment, trespass to chattels, and unfair competition theories—but not federal copyright law. The case is now embroiled in a removal dispute that may prove as consequential as the merits: Anthropic argues Reddit’s state-law claims are preempted by the Copyright Act, and the court’s resolution of that question will shape how future plaintiffs choose to frame AI scraping cases.
Another case, Reddit v. Perplexity (Cal. Super. Ct., filed Oct. 2025), raises similar theories, framing unauthorized scraping of Reddit’s user-generated content as unjust enrichment through misappropriation of proprietary data assets because there was, allegedly, no licensing agreement, no compensation, and no compliance with Reddit’s deletion and access-restriction obligations to its own users.
3. Right-of-Publicity and Voice-Misappropriation Claims for AI Cloning
Right-of-publicity laws protect individuals’ ability to control the commercial use of their name, voice, likeness, and identity. Plaintiffs have asserted that those protections apply when AI systems generate digital replicas without meaningful consent.
The central issue in these cases is often scope of consent. For example, in Lehrman & Sage v. Lovo, Inc. (S.D.N.Y., filed May 2024), professional voice actors alleged recordings obtained for limited purposes were later used to create commercial AI voice clones. The court allowed right-of-publicity, breach-of-contract, and consumer-protection claims to proceed, while dismissing copyright and trademark claims.
States vary significantly in their treatment of publicity rights, but recent legislation reflects increasing focus on AI-generated replicas. California’s AB 1836 and AB 2602 target unauthorized digital replicas of performers, while the proposed federal No Fakes Act would create a national framework governing unauthorized synthetic likenesses. Tennessee’s ELVIS Act (effective July 2024), the first state law directly targeting AI voice cloning, goes further still by creating liability both for unauthorized use of a person’s voice and for developers and distributors of the AI tools used to produce it.
Companies developing or licensing AI voice, avatar, or synthetic-performer systems should ensure contributors clearly understood how their voices or likenesses would be used.
4. Biometric Privacy Statutes for AI Facial, Voice, and Identity Analytics
Illinois’ Biometric Information Privacy Act (“BIPA”) remains a significant statutory risk facing AI-enabled facial, voice, and identity analytics. BIPA broadly requires notice, written consent, and retention limitations before collecting or using biometric identifiers, like face scans or voiceprints. And AI systems can increase exposure because biometric collection, processing, and retention can occur continuously and at scale.
The In re Clearview AI MDL settlement (N.D. Ill., first suits filed 2020) is illustrative. Clearview allegedly scraped publicly available photos across the Internet to build a facial recognition database sold to law enforcement and private clients but didn’t comply with BIPA’s notice, consent, or data-destruction mandates. With a potential class covering virtually anyone whose face appeared online, statutory damages threatened to exceed the company’s total value. The parties ultimately settled for a 23% equity stake in Clearview, valued at approximately $51.75 million — the first settlement of its kind in BIPA litigation.
5. FCRA and “Consumer Report” Theories for AI Hiring and Applicant Scoring
Some plaintiffs are testing a new theory that AI hiring and applicant-scoring tools function as employment-related consumer reporting systems governed by the Fair Credit Reporting Act (“FCRA”).
Thus far, this theory has targeted AI-generated suitability or eligibility scores derived from data beyond the applicant’s own submission (like online profiles, location signals, or device information). Whether AI hiring vendors qualify as “consumer reporting agencies” remains unsettled and may depend heavily on how the systems are structured and marketed. But at least for now, plaintiffs are trying to apply the theory beyond resume-screening tools to any AI system used to evaluate individuals in consequential decision-making contexts.
6. Copyright Infringement and DMCA Theories for AI Training and Output Generation
A growing wave of litigation argues that AI developers infringed copyrights at scale by ingesting copyrighted material to train their models, and that AI-generated outputs can themselves infringe by reproducing or closely deriving from protected expression. Fair use is the central defense across these cases; three courts have issued early rulings with mixed results, and no definitive resolution is expected before mid-2026.
Andersen v. Stability AI (N.D. Cal., filed Jan. 2023) is the leading case. Visual artists alleged image-generation models were trained on billions of copyrighted images scraped without authorization, and that outputs could reproduce their distinctive styles. Direct infringement claims survived early dismissal; the case is now in discovery with trial set for September 2026. Getty Images has pursued parallel U.S. and U.K. proceedings alleging large-scale copying of approximately 12 million images, including outputs allegedly reproducing Getty watermarks.
In Doe 1 v. GitHub / Microsoft (N.D. Cal., filed Nov. 2022), developers alleged AI-assisted coding tools reproduced licensed code without preserving attribution; the district court dismissed the DMCA copyright-management-information claims for insufficient similarity, and that ruling is now on interlocutory appeal at the Ninth Circuit.
For companies deploying third-party AI rather than training foundational models, direct copyright exposure is more limited, but not absent. Risk arises where generated outputs reproduce protected material, where businesses fine-tune models on datasets without sufficient rights, or where vendor agreements fail to address training-data provenance.
7. Employment and Anti-Discrimination Statutes Applied to Automated Decision-Making
Federal and state anti-discrimination laws prohibit hiring systems that screen out applicants based on protected characteristics like age, race, or disability. Plaintiffs are now asserting that employers using AI hiring tools and the vendors who built them can face direct liability when those tools produce discriminatory outcomes.
Mobley v. Workday (N.D. Cal., filed Feb. 2023) is illustrative. The court allowed claims to proceed on an “agent” theory — i.e., the AI vendors were subject to direct liability under Title VII and the ADEA because they functioned as agents of the employer — and in May 2025 granted preliminary collective certification potentially covering hundreds of millions of applicants rejected through Workday’s platform. Harper v. Sirius XM Radio (E.D. Mich., filed Aug. 2025) seeks to extend the same theory to employers using third-party AI tools internally, alleging that reliance on inputs like zip codes and educational history as screening criteria functions as a proxy for race. These claims are distinct from the FCRA theories discussed above, but the same AI hiring tool can trigger both frameworks simultaneously.
8. Deceptive Trade Practices and “AI Washing” Claims
These cases generally focus on claims that companies overstated AI capabilities, inaccurately described how AI systems functioned, or misrepresented how user data was collected, processed, or protected. Similar theories are increasingly appearing in both regulatory enforcement actions and private litigation.
The FTC’s “Operation AI Comply” initiative in 2024 emphasized that AI products remain fully subject to existing consumer-protection laws. Regulators have also increasingly warned companies against overstating whether products are truly “AI-powered” or making unsupported claims about AI functionality.
State attorneys general have taken similar positions. The Texas AG’s 2024 settlement with Pieces Technologies — a healthcare AI company that marketed its clinical-summarization product to hospitals with a claimed hallucination rate of less than one in 100,000, which the AG found likely inaccurate — is one example of UDAP enforcement reaching AI accuracy claims specifically. And California’s Attorney General issued guidance emphasizing that California’s Unfair Competition Law applies to AI-related representations involving capabilities, privacy practices, and AI-generated content disclosures.
For public companies, these theories may also overlap with securities-fraud exposure where AI-related statements allegedly influence investor decision-making.