October 3, 2018, Privacy + Security Forum

September 21, 2018

Lindsey Tonsager is quoted in the San Francisco Business Times regarding California’s new cybersecurity bill regulating internet-connected devices. Ms. Tonsager believes the vagueness of the “reasonable” standard makes the law flexible. She says, “It’s really helpful that the legislation acknowledges flexibility in identifying which standards are reasonable. ...

September 17, 2018, Law360

Lindsey Tonsager is quoted in Law360 regarding California’s newly enacted rules mandating security features for internet-connected devices. Makers of IoT devices will be required under Senate Bill 327 to equip products with "reasonable security features." Ms. Tonsager says, "The 'reasonable security' standard is quite flexible, which is good when operating in a ...

July 3, 2018, Covington Alert

On June 28, 2018, the Governor of California signed the California Consumer Privacy Act of 2018 (“CCPA”). The new law is the most comprehensive data privacy statute in the United States and introduces significant privacy requirements for covered businesses. The CCPA takes effect on January 1, 2020, but based on comments from both the public-interest and business ...

July 2, 2018, Inside Privacy

On June 28, 2018, California enacted the California Consumer Privacy Act of 2018 (“CCPA”), which is aimed at strengthening consumer privacy rights and data security protections.  The CCPA takes effect on January 1, 2020 and is considered the most stringent privacy law in the country. The CCPA applies to for-profit entities that conduct business in...… Continue ...

June 28, 2018, Politico

Lindsey Tonsager is quoted in a Politico article regarding a bill passed by California lawmakers that imposes stricter consumer privacy rules on companies. Should the California law trigger other states to put their own restrictions on consumer privacy, industry lobbyists and advocates will likely look to Congress to create consistent standards, says Tonsager. ...

March 23, 2018, MLex

Lindsey Tonsager recently spoke at the BCLT Privacy Law Forum in Silicon Valley is quoted in an mLex article discussing whether GDPR will automatically become a global privacy standard. Tonsager said that working with companies that depend on AI technology to become compliant with the GDPR “is incredibly, incredibly challenging." Commenting on modifications to ...

January 24, 2018, Covington Alert

Digital advertising typically involves a vast network of publishers, advertisers and their agencies, advertising exchanges and networks, technology platforms, and measurement and data analytics providers. To help streamline the commercial dealings of all of these parties in this complex ecosystem, advertising industry self-regulatory groups have developed ...

January 16, 2018, NRF General Counsels Forum

January 8, 2018, Covington Advisory

In late December, the Federal Trade Commission (“FTC”) released a Staff Report titled Blurred Lines: An Exploration of Consumers’ Advertising Recognition in the Contexts of Search Engines and Native Advertising. This Report is the most recent sign of the FTC’s continuing interest in native advertising and effective online disclosures. This study builds upon the ...

December 5, 2017, Covington Digital Health

In the third installment of our series, Covington’s global cross-practice Digital Health team considers some additional key questions about Artificial Intelligence (AI), data privacy, and cybersecurity that companies across the life sciences and technology sectors should be asking to address the regulatory and commercial pieces of the complex digital health ...

November 9, 2017, CTIA Wireless Legal Seminar for the West

October 29, 2017, The Times

Lindsey Tonsager is quoted by The Times in an article regarding the use of artificial intelligence in healthcare. Commenting on how regulators are beginning to address some of the issues, Tonsager says, "The law hasn’t caught up with the technology. Nobody knows exactly who will be responsible.” “Some diseases disproportionately affect certain types of ...

October 17, 2017, Silicon Valley Association of General Counsel All Hands Meeting

October 13, 2017, 6th Annual US-China IP Conference

October 9, 2017, Inside Privacy

Earlier this week, the Federal Trade Commission and Department of Education announced plans to hold a joint workshop on the application of the Children’s Online Privacy Protection Act (“COPPA”) and the Family Educational Rights and Privacy Act (“FERPA”) to educational technology products and services in the K-12 school environment.  In advance of the workshop, ...

October 4, 2017, Privacy + Security Forum

September 26, 2017, Covington Digital Health

In the second of a three-part series, Covington’s global cross-practice Digital Health team considers some additional key questions that companies across the life sciences, technology, and communications industries should be asking as they seek to fit together the regulatory and commercial pieces of the complex digital health puzzle. Key Commercial Questions ...

September 22, 2017, The Recorder

Lindsey Tonsager is quoted by The Recorder in an article regarding the recent decision in a case brought by the FTC alleging that selling connected devices with known security weaknesses is an unfair and deceptive business practice. According to Tonsager, "Judge Donato's order should discourage the FTC from adopting a legal standard that would consider potential ...

Fall 2017, Journal of Student Financial Aid

August 29, 2017, Covington Digital Health

In the first of a three-part series, Covington’s global cross-practice Digital Health team answers key questions that companies across the life sciences, technology, and communications industries should be asking as they seek to fit together the regulatory and commercial pieces of the complex digital health puzzle. Key Regulatory Questions About Digital Health ...

June 29, 2017, Bloomberg Law

Lindsey Tonsager is quoted in a Bloomberg Law article regarding the FTC's updated guidance that includes adding online-based questions as a method of obtaining parental consent under the Children's Online Privacy Protection Act. According to Tonsager, the new methods are a quick way for parents to give consent without having to mail in forms, and will largely ...

June 22, 2017, Inside Privacy

Today the FTC announced that it is undertaking a review of its CAN-SPAM Rule, which sets out the requirements for sending commercial e-mail messages.  Among other things, the CAN-SPAM Rule requires that senders of commercial e-mails provide recipients a mechanism to opt out of receiving commercial e-mails, honor opt-out requests within 10 business days, and ...

June 21, 2017, Inside Privacy

The FTC staff published today a “Six-Step Compliance Plan” for businesses to comply with the Children’s Online Privacy Protection Act (COPPA). The guidance, which provides a useful framework for businesses, states explicitly that COPPA applies to connected toys and other devices that collect personal information from children over the Internet.  The FTC’s 2013 ...

May 1, 2017, Covington Alert

In a widely anticipated step, FCC Chairman Ajit Pai has released the text of a draft Notice of Proposed Rulemaking (“NPRM”) proposing to change the legal framework that governs broadband providers, eliminate the “Internet conduct standard” for evaluating broadband provider practices on a case-by-case basis, and seek comment on whether to keep, modify, or ...

April 25, 2017, In-House Benefits Counsel Network National Forum

November 4, 2016, Inside Privacy

On November 2, 2016, California Attorney General Kamala Harris released a report outlining best practices for the education technology industry (“Ed Tech”).  In Ready for School: Recommendations for the Ed Tech Industry to Protect the Privacy of Student Data, Attorney General Harris noted the need to implement robust safeguards for collection, use, and sharing ...

October 18, 2016, Inside Privacy

The Digital Advertising Alliance (DAA), a consortium of the nation’s largest media and marketing associations that has established self-regulatory standards for online behavioral advertising, announced on October 13 that the Council of Better Business Bureaus and the Direct Marketing Association will begin enforcement of the Application of the DAA Principles of ...

April 29, 2016, Inside Privacy

In a blog post published on the Federal Trade Commission (FTC) website, Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, recently stated that: “we regard data as ‘personally identifiable,’ and thus warranting privacy protections, when it can be reasonably linked to a particular person, computer, or device. In many cases, persistent identifiers ...

November 9, 2015, Multichannel News

October 8, 2015

WASHINGTON, DC, October 8, 2015 — Covington advised Prosper Marketplace, a leading online marketplace that connects borrowers and investors, in its acquisition of BillGuard, a personal finance analytics company. The financial terms of the deal were not announced. According to the company’s press release, the acquisition will enable Prosper Marketplace to offer ...

October 1, 2015

WASHINGTON, DC, October 1, 2015 - Covington has elected nine of its lawyers to partnership. “We are delighted to welcome our new partners, who exemplify the spirit and substance of Covington,” said Timothy Hester, chair of the firm’s management committee. “This partnership class reflects our focus on the firm’s core practice strengths. We are confident that ...

September 18, 2015, Inside Privacy

By Lindsey Tonsager and Megan Rodgers The FTC held its “Start with Security” conference in San Francisco, California, last week, launching an initiative to provide companies with practical resources for implementing effective data security strategies. The event was targeted at tech start-ups and small- and medium-sized businesses, but the panelists included ...

August 20, 2015

SAN FRANCISCO, August 20, 2015 — Covington advised Tencent Holdings Ltd. on its US$50 million investment in Ontario-based Kik Interactive, Inc., a messenger application with more than 200 million registered users. Tencent is a Chinese company that provides value-added Internet, mobile and telecom services and online advertising. Its messaging app WeChat has ...

June 24, 2015, FDAnews Social Media Regulatory Affairs Summit — Social Media: Getting to Yes — Satisfy Both ROI and the FDA

May 21, 2015, IAPP Seattle KnowledgeNet

May 12, 2015, Inside Counsel

April 10, 2015, PBS Technology Conference

April 10, 2015, PBS Technology Conference

March 5, 2015, IAPP Global Privacy Summit

February 17, 2015, Bloomberg BNA Social Media Law & Policy Report, Vol. 4, No. 7

January 22, 2015, Inside Privacy

On Thursday, January 29, Covington’s Global Privacy and Data Security Practice Group will host a webinar on the Internet of Things (IoT).  The webinar will cover the full federal, state, and international legal landscape governing IoT technology. While the Federal Trade Commission (FTC) is expected to release a report soon on privacy issues raised by IoT, the ...

January 9, 2015, Inside Privacy

In late December 2014, the FTC staff sent China-based mobile app developer BabyBus a letter warning the company that several of its apps may violate the FTC’s Children’s Online Privacy Protection Act (COPPA) Rule. Staff alleged that the apps are marketed for young children and “use cartoon characters to teach children letters, counting, shapes, music,...… ...

October 21, 2014, Law360

October 1, 2014, Children’s Advertising Review Unit Annual Conference

April 30, 2013, Law360

April 11, 2013, Covington E-Alert

March 8, 2013, IAPP Global Privacy Summit

March 2013

August 2, 2012, Covington E-Alert

June 7, 2012, Covington Advisory

February 27, 2012, Covington E-Alert

December 1, 2010, Covington E-Alert

September 29, 2010, Covington Advisory

July 22, 2010, Covington Advisory

March 19, 2010, Covington Report

October 30, 2009, Covington E-Alert

October 6, 2009, Covington E-Alert

August 13, 2009, Covington Advisory

June 19, 2009, Covington E-Alert

January 6, 2009, Covington Advisory

2009, PBS Technology Conference

December 2008, Data Protection Law & Policy

August 2008, Data Protection Law & Policy

March 2008, Data Protection Law & Policy

2008, Annual Presentation to the Smithsonian Institution’s Office of General Counsel on Developments in Intellectual Property

2007, Annual Presentation to the Smithsonian Institution’s Office of General Counsel on Developments in Intellectual Property

2006, 90 Minn. L. Rev. 1506