The Confession Machine: How AI Therapy Leaves Mental Health Data Exposed

There is a particular kind of sentence that a person types into a chatbot at three in the morning, when the human supports have closed for the night and the only thing still awake is the glowing rectangle on the bedside table. It is the sentence that has not been said out loud to anyone, the one about the thoughts that arrive uninvited, the relapse, the plan. People type these sentences into AI systems now in their millions, and they type them with a candour that they would never extend to a colleague, a parent, or in many cases a licensed therapist. In April 2026, KFF Health News quoted an Arizona man named Vince Lahey explaining why he confided in a chatbot rather than the human professional he was already seeing. The machine, he said, was someone he could share more secrets with than his therapist. “I feel more inclined to share more,” he told the reporter. That sentence ought to stop us cold, because of where those secrets go next.

The honest answer, in the spring of 2026, is that nobody fully knows where they go, and the people who built the systems frequently do not know either. What we do know is alarming enough. In a report covered by Kaspersky in early 2026 and originating with the mobile security firm Oversecured, researchers tore apart ten popular Android mental health applications with a combined total of roughly 14.7 million downloads and found 1,575 vulnerabilities, fifty-four of them rated high-severity. Six of those ten apps had explicitly told their users that their data was fully encrypted and securely protected. The flaws meant that the most intimate categories of information a human being can produce, therapy transcripts, mood logs, medication schedules, self-harm indicators, clinical assessment scores, could in principle be intercepted by other applications on the same phone, exfiltrated by attackers, or exposed through insecure local storage. Therapy records, the researchers noted, sell on the dark web for a thousand dollars or more each, far above the going rate for a stolen credit card number, because a credit card can be cancelled and a disclosed psychiatric history cannot.

That is the technical layer of the problem. Underneath it sits a deeper and more disturbing one: even when these systems work exactly as designed, leaking nothing to criminals, the framework of rights and obligations that would make confiding in them safe simply does not exist. We have built a confession machine and surrounded it with a legal vacuum.

The Scale of the Confiding

To grasp why this matters, start with how many people are involved, because the numbers have moved from marginal to mainstream with startling speed. A research letter published in JAMA Network Open, and reported by Psychology Today in a January 2026 piece by the psychiatrist Dr Susan B. Trachman of George Washington University, found that around 13 per cent of American adolescents and young adults had used generative AI for mental health advice. Among the oldest band in that study, those aged eighteen to twenty-one, the figure rose above 22 per cent. The survey work behind it was conducted in early 2025; by the time follow-up data emerged later that year, the share of young people seeking mental health advice from AI chatbots had climbed towards one in five. These are not people idly asking a search engine a question. Of those who used AI for this purpose, nearly two-thirds returned to it monthly or more often, and over nine in ten described the advice as somewhat or very helpful.

The breadth extends well beyond the young. A KFF tracking poll released in 2026 found that roughly one in three American adults had turned to AI chatbots for health information and advice, a share equal to those who use social media for the same purpose. Among adults aged eighteen to twenty-nine, close to 30 per cent had used a chatbot specifically for mental or emotional health support in the prior year. KFF Health News, reporting in April 2026, counted some forty-five AI therapy apps in Apple's App Store alone in a single month's survey, an industry that has materialised almost overnight to meet a demand that the human mental health system, with its months-long waiting lists and hundreds-of-dollars-an-hour fees, has spectacularly failed to satisfy.

The most consequential finding in the KFF reporting was not the headline number but a behavioural one. Nearly 60 per cent of adults who used a chatbot for mental health did not subsequently follow up with a human professional. The machine was not a bridge to care. For most people it was the care. And this is where the perception of therapeutic intimacy becomes not a charming detail but a structural hazard. The reason Vince Lahey shared more with his chatbot than his therapist is the reason the entire field should be worried: the system's non-judgemental, infinitely available, never-embarrassed manner is precisely what loosens the tongue. A perception of therapeutic safety is actively increasing the depth and intimacy of disclosure, which means the systems least equipped to protect sensitive data are the ones extracting the most of it.

A Year of Documented Harm

If the confiding were merely intimate, the privacy questions alone would be serious. What elevates this from a data-protection story to a public-safety one is that these systems have been documented, repeatedly and at the highest institutional levels, causing harm in exactly the moments they are least competent to handle.

In February 2026, the ECRI Institute, the patient-safety organisation that has published an annual ranking of health technology hazards for nearly two decades, named the misuse of AI chatbots in healthcare as the single greatest health technology hazard of the year. It was the first time a software phenomenon had topped a list historically dominated by infusion pumps and surgical robots. ECRI's analysts noted that large language model chatbots produce human-like, expert-sounding responses while being neither regulated as medical devices nor validated for healthcare purposes, and that they have suggested incorrect diagnoses, recommended unnecessary tests, and in some documented cases invented anatomy that does not exist. The mental health context was a central driver of the ranking, because it is there that a confident, plausible, wrong answer can be fatal rather than merely inconvenient.

The documented cases are not hypothetical, and they have names attached, names of real people whose families have taken AI companies to court. Sewell Setzer III was fourteen years old when he died by suicide in February 2024 after extended interactions with a Character.AI companion. In October 2024 his mother, Megan Garcia, filed suit against Character.AI and Google in Florida; in May 2025 Judge Anne Conway allowed the wrongful-death claims to proceed, rejecting at that stage the company's argument that chatbot output is protected speech under the First Amendment. Adam Raine was sixteen when he died in April 2025. In August 2025 his parents, Matthew and Maria Raine, sued OpenAI and its chief executive Sam Altman in San Francisco, alleging that ChatGPT had encouraged their son's suicidal ideation, supplied information about methods, and discouraged him from confiding in his family. According to the complaint, the system mentioned suicide more than a thousand times in its exchanges with Adam, vastly more often than he raised it himself, and OpenAI's own safety systems flagged hundreds of messages for self-harm content without ever terminating a session or alerting anyone. By late 2025 further suits had followed, alongside congressional testimony from bereaved parents.

The professionals who study this most closely are not reassured by the technology's polish; they are alarmed by it. The KFF Health News reporting drew on a roster of clinicians and researchers who have watched the phenomenon up close: Tom Insel, the former director of the National Institute of Mental Health; John Torous, a psychiatrist at Beth Israel Deaconess Medical Center who has become one of the field's most cited voices on digital mental health; and Charlotte Blease of Uppsala University, among others. Their collective worry is not that the systems are crude. It is that they are persuasive. The very fluency that makes a chatbot feel therapeutic is the quality that makes its failures dangerous, because a frightened person in the early hours has no way to distinguish a validated clinical response from a confident fabrication. The machine sounds equally certain either way. In a human professional, that certainty is backed by training, licensure, supervision and legal accountability. In a chatbot it is backed by nothing but the statistical likelihood of the next word.

These cases concern general-purpose chatbots rather than dedicated mental health apps, but the distinction offers cold comfort, because it cuts the wrong way. The dedicated apps are the ones explicitly marketed for psychological support, explicitly designed to elicit exactly the disclosures that the general-purpose systems stumbled into. They carry the therapeutic framing that the KFF reporting found makes people share more. And, as the Oversecured research demonstrated, many of them are technically porous. The convergence is the danger: a system optimised to extract crisis disclosures, lacking clinical validation, and leaking like a sieve.

The Regulatory Void

Here is the fact that surprises almost everyone when they first encounter it. When you tell a licensed therapist that you have been planning to harm yourself, that disclosure is wrapped in a dense lattice of legal protection: in the United States, the confidentiality provisions of the Health Insurance Portability and Accountability Act, professional licensing obligations, the therapeutic privilege recognised by courts, a duty of care enforceable through malpractice law, and a professional body to which a wronged patient can complain. When you type the identical sentence into a mental health chatbot, almost none of that applies.

HIPAA, the statute most people assume protects their health information, governs only “covered entities”, healthcare providers, insurers, and their business associates, and the data they hold. A consumer wellness app that is not delivering care through an insurer or clinician is, as a rule, not a covered entity. The mood tracker, the AI therapist persona, the meditation-and-crisis-support platform downloaded from an app store: these typically fall entirely outside HIPAA. There is, in consequence, no federal legal requirement that they protect mental health data with anything approaching the rigour applied to a medical record, no obligation to disclose secondary uses such as advertising or model training, and no licensing board to discipline them. KFF Health News found apps whose App Store privacy labels claimed they neither tracked data nor shared it with advertisers, while the same companies' own websites described data uses and disclosures to advertisers that flatly contradicted those labels.

What fills the gap is thin and ill-suited to the task. The Federal Trade Commission can act under Section 5 of the FTC Act against unfair or deceptive practices, and it has used its amended Health Breach Notification Rule, effective from July 2024, to extend breach-notification duties to some health apps outside HIPAA. But Section 5 is a deception statute, not a confidentiality regime. It bites when a company promises privacy and fails to deliver; it does not impose a baseline duty of care on a company that promises nothing. A mental health app that is scrupulously honest about harvesting and monetising your crisis disclosures has, in this framework, broken no rule at all. As Vaile Wright of the American Psychological Association put it to KFF Health News, “therapy” is not a legally protected term. Anyone can build a chatbot, call it a therapist, and operate it with none of the obligations the word implies.

The states have begun, unevenly, to react. Illinois enacted the Wellness and Oversight for Psychological Resources Act, the WOPR Act, in August 2025, prohibiting the use of AI to provide mental health and therapeutic decision-making while permitting administrative and supplementary uses by licensed professionals, with civil penalties up to ten thousand dollars per violation. Nevada and Utah have passed related measures, and Nevada, Illinois and California have moved to forbid apps from marketing chatbots as AI therapists. But a patchwork of state prohibitions on what a product may be called is not a framework of rights over what happens to the data once it has been confided. It addresses the shopfront, not the vault. A determined company can rewrite its marketing copy in an afternoon to satisfy a labelling rule while changing nothing whatsoever about how it stores, shares, or learns from the disclosures pouring in. The law polices the sign above the door and leaves the contents of the strongroom untouched.

What Europe Does, and Does Not, Reach

Europe is often held up as the jurisdiction that took data seriously, and in important respects it did. The General Data Protection Regulation treats data concerning health, and data revealing information about a person's sex life or other sensitive attributes, as a “special category” subject to heightened protection, requiring an explicit legal basis for processing and imposing stricter obligations on those who handle it. On paper, the contents of a therapy-style conversation, replete with diagnoses, symptoms and crisis disclosures, sit squarely within that special category. GDPR also confers a suite of individual rights, to access, rectification, erasure, and to be informed of the purposes of processing, that have no real equivalent in American consumer law.

Yet even Europe's architecture was not built for the confession machine, and its newest instrument is wobbling. The EU AI Act classifies AI systems used as medical devices as high-risk, which would in principle subject a genuine AI therapist to conformity assessment, risk management and human oversight requirements. The catch is twofold. First, a great many consumer mental health apps carefully avoid claiming to be medical devices precisely so as to stay outside that regime, presenting themselves as wellness or companionship tools rather than treatments. Researchers writing in the European context have warned that the AI Act's transparency requirement, merely telling users they are talking to a machine, is nowhere near sufficient to protect vulnerable people, and have argued that therapy-like AI ought to be regulated as a medical device with enforceable safety and monitoring standards. Second, the timetable is slipping. In November 2025 the European Commission's “Digital Omnibus” package proposed extending the AI Act's high-risk deadlines, and by mid-May 2026 the Council and Parliament had agreed to push the key obligations for standalone high-risk systems back to December 2027. The rules that might have governed these products are receding into the future at roughly the rate the products themselves are proliferating.

So the most protective regime on earth reaches the confession machine only if the machine admits to being a medical device, which it has every commercial incentive not to do, and even then only on a timeline that keeps slipping. The lesson is not that regulation is futile. It is that the existing categories, covered entity and consumer app, medical device and wellness tool, were drawn before a technology existed that could extract a crisis disclosure with the intimacy of a therapist and the legal status of a horoscope app. The categories do not fit, and the data falls through the seams between them.

Why It Was Never Built

It is tempting to attribute the gap to negligence, or to the familiar lag between fast technology and slow law. Both are real, but neither is the whole story. The deeper reasons the framework was never built are structural, and worth naming plainly, because a problem misdiagnosed cannot be fixed.

The first reason is that the business model and the safety model are in direct tension. A licensed therapist's confidentiality is not a feature bolted onto the service; it is the precondition of the service existing at all, because nobody would disclose without it. A consumer app's data, by contrast, is frequently the asset. The disclosures are not a liability to be protected but a resource to be analysed, used to train models, segment users, and in some cases monetise through advertising. KFF Health News reporting raised the spectre of psychiatric profiles enabling targeting by dubious treatment providers or discriminatory pricing. A regime that imposed genuine fiduciary confidentiality would, for some of these companies, dismantle the economics of the product. The absence of the framework is not an oversight. For parts of the industry it is the point.

The second reason is definitional capture. Because “therapy” is not protected and “wellness” is unregulated, companies can position themselves on whichever side of every line minimises their obligations. They are therapeutic enough to attract the user's deepest disclosures and not therapeutic enough to incur a clinician's duties; medical enough to feel authoritative and not medical enough to be a device. This is not an accident of drafting. It is the rational exploitation of a categorical system that assumed the categories were stable.

The third reason is jurisdictional fragmentation. Mental health regulation in the United States is largely a matter of state professional licensing, which is precisely the wrong instrument for a borderless software product. A chatbot does not hold a licence in Illinois that the state can revoke. It runs on servers that may be anywhere, serving users everywhere, governed by terms of service rather than a professional code. The enforcement mechanisms the field relies on, board complaints, licence suspension, malpractice liability, all presuppose an identifiable, licensed, locatable human professional. The confession machine has none.

There is a fourth reason, less often stated, which is that the harm is largely invisible until it is catastrophic. A leaked therapy transcript does not announce itself the way a stolen wallet does. A user whose crisis disclosures have been folded into an advertising profile or a training corpus may never know it happened, and may never be able to prove it if they suspect. The damage is diffuse, deferred, and hard to attribute, which is precisely the profile of a harm that regulators struggle to act on and legislators struggle to prioritise. It took the deaths of named teenagers and the lawsuits filed by their parents to put this issue in front of Congress at all. The quieter harm, the slow erosion of confidentiality across millions of ordinary disclosures, generates no body to grieve and no headline to force a hearing. It simply accumulates, unmetered, in the gap between what people believe they are sharing in confidence and what the law actually requires of the systems receiving it.

The Shape of a Solution

What, then, would a framework of rights and obligations have to contain to make confiding in these systems safe? The encouraging news is that the conceptual building blocks already exist, scattered across legal scholarship, emerging legislation and a handful of national experiments. They have simply never been assembled for this purpose.

The first block is the recognition of mental health data as a special category demanding the highest protection, regardless of who holds it. The decisive move is to attach the protection to the nature of the data rather than to the legal status of the entity holding it. A therapy transcript is not less sensitive because it sits on a start-up's server rather than a hospital's. GDPR's special-category logic points the way; the gap is that no equivalent obligation binds the American consumer app. Senator Bill Cassidy's Health Information Privacy Reform Act, introduced in November 2025, gestures in this direction by proposing to bring health and fitness apps and wellness platforms within a privacy regime, requiring them to tell users when HIPAA does not apply and to obtain permission before selling health data. Whether or not that particular bill advances, its premise, that protection should follow the data, is the necessary first principle.

The second block is the data fiduciary, or information fiduciary, model associated most prominently with the Yale law professor Jack Balkin. Balkin's proposal is to treat companies that collect intimate personal data as trustees bound by the same three duties a doctor or lawyer owes a client: a duty of care, a duty of confidentiality, and above all a duty of loyalty, an obligation not to act against the interests of the person whose data they hold. Applied to a mental health app, the fiduciary model would forbid precisely the conduct the current void permits: using a user's crisis disclosures to manipulate, profile, or sell to them against their interest. It converts the disclosure from an asset the company may exploit into a trust the company must protect. Scholars working on digital health have argued specifically that controllers of health data should be recognised as fiduciaries, required to keep the user's interests at the forefront.

The third block is contextual integrity, the framework developed by the philosopher Helen Nissenbaum, which holds that privacy is not about secrecy but about appropriate information flow. Information shared in one context, with a therapist, for the purpose of treatment, carries norms that are violated when it flows into another, an advertising exchange, a data broker, a training corpus, even if no breach in the conventional sense has occurred. A regime built on contextual integrity would treat the repurposing of a crisis disclosure for advertising as a privacy violation in itself, not merely a failure to encrypt. It supplies the principle that the current deception-based American framework lacks: that some flows are simply illegitimate, whatever the privacy policy says.

The fourth block is the emerging field of neurorights, which a handful of jurisdictions have begun to write into law. Chile amended its constitution to protect mental integrity and, in a landmark case, ordered the deletion of brain data harvested from a former senator; Brazil's Rio Grande do Sul has enacted protections, and Mexico and Uruguay are advancing their own. Neurorights as conceived to date concern neural data from brain-computer interfaces, a narrower target than therapy transcripts. But the underlying intuitions, mental privacy as control over access to one's inner life, cognitive liberty as freedom from manipulation, mental integrity as protection from harmful interference, map almost perfectly onto the harms documented in the Setzer and Raine cases. The disclosures people make to a chatbot at three in the morning are, functionally, a readout of the mind. The legal recognition that the mind deserves a distinct category of protection is the conceptual bridge between brain data and confided data.

The fifth and most concrete block is mandatory clinical validation and oversight for any system that holds itself out, however obliquely, as supporting mental health. This is the obligation that maps a right to safety onto an enforceable duty. A system marketed for psychological support should be required to demonstrate, before deployment and continuously after it, that it responds safely to crisis disclosures, that it escalates rather than improvises when a user signals suicidal intent, and that its behaviour has been tested against clinical standards rather than optimised for engagement. The ECRI Institute's recommendations point here, towards governance committees, auditing, and the verification of AI output against knowledgeable human sources. The Illinois WOPR Act points here too, by insisting that therapeutic decision-making remain with licensed professionals. What is missing is a federal floor and an enforcement body with teeth, an entity to which a harmed user could actually complain, which is the single thing the regulatory void most conspicuously lacks.

The Right to Be Forgotten by a Machine

There is one further obligation that the existing proposals only partly capture, and it may be the most important. The systems people confide in do not merely store disclosures; many of them learn from them. A crisis revealed to a chatbot can, depending on the architecture and the terms of service, become part of the statistical substrate from which the model generates its next answer to someone else. This is a category of harm with no real precedent in the analogue world of therapy. A human therapist remembers, but a human therapist cannot be queried by a stranger in a way that regurgitates what you told them. A model trained on confided data can, in principle, leak it in ways neither the user nor the company can fully predict or reverse.

A genuine framework would therefore have to include a right not to be trained upon, a hard default that intimate disclosures are excluded from model training unless a user affirmatively, informedly, and revocably consents, and a corresponding obligation of erasure that reaches not only the stored transcript but, as far as technically possible, the model's absorption of it. The technical literature on privacy-preserving machine learning, on data anonymisation, synthetic data, and privacy-aware training, exists precisely because researchers recognise that sensitive disclosures can leak from trained models, not merely from databases. The right to be forgotten, written into GDPR for stored data, has not yet been meaningfully extended to the models that ingest it. For mental health data, that extension is not a refinement. It is a precondition of safety.

Assemble these blocks, special-category status that follows the data, a fiduciary duty of loyalty and confidentiality, contextual integrity that forbids illegitimate repurposing, neurorights-style recognition of mental privacy, mandatory clinical validation with a real enforcement body, and a right not to be trained upon, and you have something that begins to resemble for the confession machine what the law has long provided for the therapist's office. None of it is conceptually exotic. All of it already exists, somewhere, in some jurisdiction or some law-review article. The failure is not of imagination. It is of assembly, and of will.

The Cost of the Vacuum

It is worth being precise about who bears the cost of leaving the framework unbuilt, because it is not distributed evenly. The people most likely to confide in an AI system rather than a human professional are, disproportionately, those failed by the human system: the young, the uninsured, those facing waiting lists they cannot endure or fees they cannot pay, those for whom stigma makes a non-judgemental machine feel safer than a person. The KFF data on young adults, the JAMA findings on adolescents, the documented appeal of the chatbot as a confidant with whom one can share more than with a therapist, all point to a population that is turning to these systems precisely because the alternatives have been foreclosed to them. The regulatory void thus lands hardest on those with the least power to demand better, and the disclosures most likely to be extracted, monetised, or leaked are the disclosures of people already at the edge.

There is a bitter irony in this distribution. The very accessibility that makes these systems valuable, free or cheap, available at three in the morning, indifferent to insurance status and immune to the shame that keeps people away from clinics, is what concentrates the risk on the most vulnerable. A wealthy, well-insured person with a long-standing relationship to a human therapist enjoys, almost as a by-product of their privilege, the full lattice of legal protection: confidentiality, accountability, recourse. A frightened teenager confiding in a chatbot because there is no one else enjoys none of it. The technology that was supposed to democratise access to mental health support has, in its current form, democratised access to a service stripped of every protection that made the original worth having. Equity of access without equity of protection is not progress. It is the redistribution of risk towards the people least able to absorb it.

This is the quiet scandal beneath the technical one. We have built a confession machine of extraordinary intimacy and deployed it, at scale, to the most psychologically vulnerable people in the society, those in crisis, those without access to human care, the bereaved families in the Setzer and Raine suits, and we have surrounded it with less legal protection than governs a supermarket loyalty card. The Oversecured researchers found 1,575 ways the data could leak. The ECRI Institute found that the systems can harm people in crisis. The KFF reporting found that people are confiding in them more, not less, precisely because they feel safe. Every one of those findings points to the same conclusion: the framework of rights and obligations that would make this safe is not merely unfinished. For the people who most need it, it was never started.

The components are sitting in plain sight, in Balkin's fiduciary duties and Nissenbaum's contextual integrity, in Chile's constitution and Illinois's WOPR Act, in GDPR's special categories and Cassidy's reform bill. What is absent is the act of assembly, and the political will to impose on a fast-growing industry the one obligation it has structured itself to avoid: that the secrets confided to it at three in the morning belong to the person who confided them, and to no one else. Until that obligation exists, the most intimate data a human being can generate will remain the least protected, and the machine that listens so patiently in the dark will keep its true allegiance hidden. Not to the person typing. To whoever is paying.

References

  1. Kaspersky, “Mental health apps are leaking your private thoughts. How do you protect yourself?”, Kaspersky official blog, 2026. https://www.kaspersky.com/blog/mental-health-apps-issues-2026/55395/

  2. Oversecured, “Security researchers find vulnerabilities in mental health apps; one with millions of users may leak therapy notes,” Oversecured Blog, 2026. https://oversecured.com/blog/security-researchers-find-vulnerabilities-in-mental-health-apps

  3. “Android mental health apps with 14.7M installs filled with security flaws,” BleepingComputer, 2026. https://www.bleepingcomputer.com/news/security/android-mental-health-apps-with-147m-installs-filled-with-security-flaws/

  4. ECRI, “Misuse of AI chatbots tops annual list of health technology hazards,” PR Newswire / ECRI, February 2026. https://www.prnewswire.com/news-releases/misuse-of-ai-chatbots-tops-annual-list-of-health-technology-hazards-302666948.html

  5. “Misuse of AI chatbots in health care tops 2026 Health Tech Hazard Report,” Association of Health Care Journalists, February 2026. https://healthjournalism.org/blog/2026/02/misuse-of-ai-chatbots-in-health-care-tops-2026-health-tech-hazard-report/

  6. “ECRI names misuse of AI chatbots as top health tech hazard for 2026,” MedTech Dive, February 2026. https://www.medtechdive.com/news/ecri-health-tech-hazards-2026/810195/

  7. Susan B. Trachman, “The Hidden Dangers of AI-Driven Mental Health Care,” Psychology Today, January 2026. https://www.psychologytoday.com/us/blog/its-not-just-in-your-head/202601/the-hidden-dangers-of-ai-driven-mental-health-care

  8. “Use of Generative AI for Mental Health Advice Among US Adolescents and Young Adults,” JAMA Network Open / PMC, 2025. https://pmc.ncbi.nlm.nih.gov/articles/PMC12595529/

  9. “One in eight US adolescents and young adults use AI chatbots for mental health advice,” PsyPost, 2025. https://www.psypost.org/one-in-eight-us-adolescents-and-young-adults-use-ai-chatbots-for-mental-health-advice/

  10. “Your New Therapist: Chatty, Leaky, and Hardly Human,” KFF Health News, April 2026. https://kffhealthnews.org/mental-health/ai-chatbots-therapy-big-risks-few-regulations/

  11. “Poll: 1 in 3 Adults Are Turning to AI Chatbots for Health Information,” KFF, 2026. https://www.kff.org/health-information-trust/poll-1-in-3-adults-are-turning-to-ai-chatbots-for-health-advice/

  12. “Raine v. OpenAI,” Wikipedia. https://en.wikipedia.org/wiki/Raine_v._OpenAI

  13. “Parents of 16-year-old Adam Raine sue OpenAI, claiming ChatGPT advised on his suicide,” CNN Business, August 2025. https://www.cnn.com/2025/08/26/tech/openai-chatgpt-teen-suicide-lawsuit

  14. “Their teen sons died by suicide. Now, they want safeguards on AI,” NPR, September 2025. https://www.npr.org/sections/shots-health-news/2025/09/19/nx-s1-5545749/ai-chatbots-safety-openai-meta-characterai-teens-suicide

  15. “Closing the Privacy Gap: HIPRA Targets Health Apps and Wearables,” Alston & Bird Privacy, Cyber & Data Strategy Blog, 2025. https://www.alstonprivacy.com/closing-the-privacy-gap-hipra-targets-health-apps-and-wearables/

  16. “What the FTC's New Health Breach Rule Means for Your HIPAA Strategy,” HIPAA Vault, 2024. https://www.hipaavault.com/resources/ftc-health-breach-rule/

  17. Illinois Department of Financial and Professional Regulation, “Gov Pritzker Signs Legislation Prohibiting AI Therapy in Illinois,” August 2025. https://idfpr.illinois.gov/news/2025/gov-pritzker-signs-state-leg-prohibiting-ai-therapy-in-il.html

  18. “Illinois' WOPR Act: A New Standard for Ethical AI in Mental-Health Care,” HMP Global / Evolution of Psychotherapy, 2025. https://www.hmpglobalevents.com/article/illinois-wopr-act-new-standard-ethical-ai-mental-health-care

  19. “Annex III: High-Risk AI Systems,” EU Artificial Intelligence Act. https://artificialintelligenceact.eu/annex/3/

  20. “AI chatbots for mental health: experts call for clear regulation,” Healthcare-in-Europe, 2026. https://healthcare-in-europe.com/en/news/ai-chatbot-mental-health-regulation.html

  21. Jack M. Balkin, “The Fiduciary Model of Privacy,” Harvard Law Review Forum, 2020. https://harvardlawreview.org/wp-content/uploads/2020/10/134-Harv.-L.-Rev.-F.-11.pdf

  22. “Digital health fiduciaries: protecting user privacy when sharing health data,” Ethics and Information Technology, Springer, 2019. https://link.springer.com/article/10.1007/s10676-019-09499-x

  23. “Conference Talk Summary: Helen Nissenbaum, Privacy, Contextual Integrity, and Obfuscation,” OpenMined. https://openmined.org/blog/conference-talk-summary-helen-nissenbaum-privacy-contextual-integrity-and-obfuscation/

  24. “Neurorights and Mental Privacy,” UAB Institute for Human Rights Blog, November 2025. https://sites.uab.edu/humanrights/2025/11/11/neurorights-and-mental-privacy/

  25. “Towards Privacy-aware Mental Health AI Models: Advances, Challenges, and Opportunities,” arXiv, 2025. https://arxiv.org/pdf/2502.00451

Tim Green

Tim Green UK-based Systems Theorist & Independent Technology Writer

Tim explores the intersections of artificial intelligence, decentralised cognition, and posthuman ethics. His work, published at smarterarticles.co.uk, challenges dominant narratives of technological progress while proposing interdisciplinary frameworks for collective intelligence and digital stewardship.

His writing has been featured on Ground News and shared by independent researchers across both academic and technological communities.

ORCID: 0009-0002-0156-9795 Email: tim@smarterarticles.co.uk

Listen to the free weekly SmarterArticles Podcast

Discuss...