Lindsey L. Tonsager

August 12, 2019, Inside Privacy

At the Black Hat conference in Las Vegas last week, a security researcher presented his research on using access rights available under the GDPR for identity theft purposes (slides available here; whitepaper available here).  Specifically, the researcher “attempted to steal as much information as possible” about his fiancé by submitting GDPR access requests in ...

July 25, 2019, Legaltech News

Lindsey Tonsager spoke with Legaltech News about the FTC’s public request for comment on the Children’s Online Privacy Protection Act (COPPA). Ms. Tonsager said, “Regardless of whether the FTC is looking at the rule or not, I think the common best practice is to collect only the information that you need. The data minimization helps regardless if the regulator ...

July 17, 2019, Covington Alert

Federal and state policymakers continued to focus on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the second quarter of 2019, including by introducing both substantive measures that would regulate the use of the technology and by supporting funding bills aimed at increasing investment. In our second AI & IoT Quarterly Legislative Update, ...

July 9, 2019, Wall Street Journal

Lindsey Tonsager is quoted in the Wall Street Journal regarding the initiative to increase artificial intelligence legal practices. Ms. Tonsager says data is the fuel that drives artificial intelligence, but it can come with legal restrictions. Companies acquiring datasets need to be sure their contracts give them the right to use the data to train algorithms. ...

June 27, 2019

SAN FRANCISCO—The Daily Journal has named Lindsey Tonsager to its 2019 “Top Artificial Intelligence Lawyers,” recognizing the top artificial intelligence lawyers in California. Ms. Tonsager co-chairs the firm’s Artificial Intelligence Initiative, which is a cross-functional practice advising companies developing or utilizing AI technologies. She is advising ...

June 25, 2019, Covington Digital Health

Last week, Senators Amy Klobuchar (D-MN) and Lisa Murkowski (R-AK) introduced the Protecting Personal Health Data Act (S. 1842), which would provide new privacy and security rules from the Department of Health and Human Services (“HHS”) for technologies that collect personal health data, such as wearable fitness trackers, social-media sites focused on health ...

June 22, 2019, Inside Privacy

Last week, Senators Amy Klobuchar (D-MN) and Lisa Murkowski (R-AK) introduced the Protecting Personal Health Data Act (S. 1842), which would provide new privacy and security rules from the Department of Health and Human Services (“HHS”) for technologies that collect personal health data, such as wearable fitness trackers, social-media sites focused on health ...

June 10, 2019, Inside Privacy

On May 29, 2019, the Governor of Nevada signed into law Senate Bill 220 (“SB 220”), an act relating to Internet privacy and amending Nevada’s existing law requiring websites and online services to post a privacy notice.  In short, Nevada’s law will require operators of Internet websites and online services to follow a consumer’s direction...… Continue Reading

May 14, 2019, PayTV Show

April 30, 2019, Covington Alert

Federal and state policymakers introduced a range of new measures on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the first quarter of 2019. In our initial AI & IoT Quarterly Legislative Update, we detail the notable legislative events from this quarter on AI, IoT, cybersecurity as it relates to AI and IoT, and connected and autonomous ...

April 10, 2019, Covington Digital Health

On April 2, 2019, FDA released a discussion paper entitled “Regulatory Framework for Modifications to Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device (SaMD)” (the “AI Framework”). The AI Framework is the Agency’s first policy document describing a potential regulatory approach for medical devices that use artificial ...

March 2019, DataGuidance

October 3, 2018, Privacy + Security Forum

September 21, 2018

Lindsey Tonsager is quoted in the San Francisco Business Times regarding California’s new cybersecurity bill regulating internet-connected devices. Ms. Tonsager believes the vagueness of the “reasonable” standard makes the law flexible. She says, “It’s really helpful that the legislation acknowledges flexibility in identifying which standards are reasonable. ...

September 17, 2018, Law360

Lindsey Tonsager is quoted in Law360 regarding California’s newly enacted rules mandating security features for internet-connected devices. Makers of IoT devices will be required under Senate Bill 327 to equip products with "reasonable security features." Ms. Tonsager says, "The 'reasonable security' standard is quite flexible, which is good when operating in a ...

July 3, 2018, Covington Alert

On June 28, 2018, the Governor of California signed the California Consumer Privacy Act of 2018 (“CCPA”). The new law is the most comprehensive data privacy statute in the United States and introduces significant privacy requirements for covered businesses. The CCPA takes effect on January 1, 2020, but based on comments from both the public-interest and business ...

July 2, 2018, Inside Privacy

On June 28, 2018, California enacted the California Consumer Privacy Act of 2018 (“CCPA”), which is aimed at strengthening consumer privacy rights and data security protections.  The CCPA takes effect on January 1, 2020 and is considered the most stringent privacy law in the country. The CCPA applies to for-profit entities that conduct business in...… Continue ...

June 28, 2018, Politico

Lindsey Tonsager is quoted in a Politico article regarding a bill passed by California lawmakers that imposes stricter consumer privacy rules on companies. Should the California law trigger other states to put their own restrictions on consumer privacy, industry lobbyists and advocates will likely look to Congress to create consistent standards, says Tonsager. ...

March 23, 2018, MLex

Lindsey Tonsager recently spoke at the BCLT Privacy Law Forum in Silicon Valley is quoted in an mLex article discussing whether GDPR will automatically become a global privacy standard. Tonsager said that working with companies that depend on AI technology to become compliant with the GDPR “is incredibly, incredibly challenging." Commenting on modifications to ...

January 24, 2018, Covington Alert

Digital advertising typically involves a vast network of publishers, advertisers and their agencies, advertising exchanges and networks, technology platforms, and measurement and data analytics providers. To help streamline the commercial dealings of all of these parties in this complex ecosystem, advertising industry self-regulatory groups have developed ...

January 16, 2018, NRF General Counsels Forum

January 8, 2018, Covington Advisory

In late December, the Federal Trade Commission (“FTC”) released a Staff Report titled Blurred Lines: An Exploration of Consumers’ Advertising Recognition in the Contexts of Search Engines and Native Advertising. This Report is the most recent sign of the FTC’s continuing interest in native advertising and effective online disclosures. This study builds upon the ...

December 5, 2017, Covington Digital Health

In the third installment of our series, Covington’s global cross-practice Digital Health team considers some additional key questions about Artificial Intelligence (AI), data privacy, and cybersecurity that companies across the life sciences and technology sectors should be asking to address the regulatory and commercial pieces of the complex digital health ...

November 9, 2017, CTIA Wireless Legal Seminar for the West

October 29, 2017, The Times

Lindsey Tonsager is quoted by The Times in an article regarding the use of artificial intelligence in healthcare. Commenting on how regulators are beginning to address some of the issues, Tonsager says, "The law hasn’t caught up with the technology. Nobody knows exactly who will be responsible.” “Some diseases disproportionately affect certain types of ...

October 17, 2017, Silicon Valley Association of General Counsel All Hands Meeting

October 13, 2017, 6th Annual US-China IP Conference

October 9, 2017, Inside Privacy

Earlier this week, the Federal Trade Commission and Department of Education announced plans to hold a joint workshop on the application of the Children’s Online Privacy Protection Act (“COPPA”) and the Family Educational Rights and Privacy Act (“FERPA”) to educational technology products and services in the K-12 school environment.  In advance of the workshop, ...

October 4, 2017, Privacy + Security Forum

September 26, 2017, Covington Digital Health

In the second of a three-part series, Covington’s global cross-practice Digital Health team considers some additional key questions that companies across the life sciences, technology, and communications industries should be asking as they seek to fit together the regulatory and commercial pieces of the complex digital health puzzle. Key Commercial Questions ...

September 22, 2017, The Recorder

Lindsey Tonsager is quoted by The Recorder in an article regarding the recent decision in a case brought by the FTC alleging that selling connected devices with known security weaknesses is an unfair and deceptive business practice. According to Tonsager, "Judge Donato's order should discourage the FTC from adopting a legal standard that would consider potential ...

Fall 2017, Journal of Student Financial Aid

August 29, 2017, Covington Digital Health

In the first of a three-part series, Covington’s global cross-practice Digital Health team answers key questions that companies across the life sciences, technology, and communications industries should be asking as they seek to fit together the regulatory and commercial pieces of the complex digital health puzzle. Key Regulatory Questions About Digital Health ...

June 29, 2017, Bloomberg Law

Lindsey Tonsager is quoted in a Bloomberg Law article regarding the FTC's updated guidance that includes adding online-based questions as a method of obtaining parental consent under the Children's Online Privacy Protection Act. According to Tonsager, the new methods are a quick way for parents to give consent without having to mail in forms, and will largely ...

June 22, 2017, Inside Privacy

Today the FTC announced that it is undertaking a review of its CAN-SPAM Rule, which sets out the requirements for sending commercial e-mail messages.  Among other things, the CAN-SPAM Rule requires that senders of commercial e-mails provide recipients a mechanism to opt out of receiving commercial e-mails, honor opt-out requests within 10 business days, and ...

June 21, 2017, Inside Privacy

The FTC staff published today a “Six-Step Compliance Plan” for businesses to comply with the Children’s Online Privacy Protection Act (COPPA). The guidance, which provides a useful framework for businesses, states explicitly that COPPA applies to connected toys and other devices that collect personal information from children over the Internet.  The FTC’s 2013 ...

May 1, 2017, Covington Alert

In a widely anticipated step, FCC Chairman Ajit Pai has released the text of a draft Notice of Proposed Rulemaking (“NPRM”) proposing to change the legal framework that governs broadband providers, eliminate the “Internet conduct standard” for evaluating broadband provider practices on a case-by-case basis, and seek comment on whether to keep, modify, or ...

April 25, 2017, In-House Benefits Counsel Network National Forum

November 4, 2016, Inside Privacy

On November 2, 2016, California Attorney General Kamala Harris released a report outlining best practices for the education technology industry (“Ed Tech”).  In Ready for School: Recommendations for the Ed Tech Industry to Protect the Privacy of Student Data, Attorney General Harris noted the need to implement robust safeguards for collection, use, and sharing ...

October 18, 2016, Inside Privacy

The Digital Advertising Alliance (DAA), a consortium of the nation’s largest media and marketing associations that has established self-regulatory standards for online behavioral advertising, announced on October 13 that the Council of Better Business Bureaus and the Direct Marketing Association will begin enforcement of the Application of the DAA Principles of ...

April 29, 2016, Inside Privacy

In a blog post published on the Federal Trade Commission (FTC) website, Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, recently stated that: “we regard data as ‘personally identifiable,’ and thus warranting privacy protections, when it can be reasonably linked to a particular person, computer, or device. In many cases, persistent identifiers ...

November 9, 2015, Multichannel News

October 8, 2015

WASHINGTON, DC, October 8, 2015 — Covington advised Prosper Marketplace, a leading online marketplace that connects borrowers and investors, in its acquisition of BillGuard, a personal finance analytics company. The financial terms of the deal were not announced. According to the company’s press release, the acquisition will enable Prosper Marketplace to offer ...

October 1, 2015

WASHINGTON, DC, October 1, 2015 - Covington has elected nine of its lawyers to partnership. “We are delighted to welcome our new partners, who exemplify the spirit and substance of Covington,” said Timothy Hester, chair of the firm’s management committee. “This partnership class reflects our focus on the firm’s core practice strengths. We are confident that ...

August 20, 2015

SAN FRANCISCO, August 20, 2015 — Covington advised Tencent Holdings Ltd. on its US$50 million investment in Ontario-based Kik Interactive, Inc., a messenger application with more than 200 million registered users. Tencent is a Chinese company that provides value-added Internet, mobile and telecom services and online advertising. Its messaging app WeChat has ...

June 24, 2015, FDAnews Social Media Regulatory Affairs Summit — Social Media: Getting to Yes — Satisfy Both ROI and the FDA

May 21, 2015, IAPP Seattle KnowledgeNet

May 12, 2015, Inside Counsel

April 10, 2015, PBS Technology Conference

April 10, 2015, PBS Technology Conference

March 5, 2015, IAPP Global Privacy Summit

February 17, 2015, Bloomberg BNA Social Media Law & Policy Report, Vol. 4, No. 7

October 21, 2014, Law360

October 1, 2014, Children’s Advertising Review Unit Annual Conference

April 30, 2013, Law360

April 11, 2013, Covington E-Alert

March 8, 2013, IAPP Global Privacy Summit

March 2013

August 2, 2012, Covington E-Alert

June 7, 2012, Covington Advisory

February 27, 2012, Covington E-Alert

December 1, 2010, Covington E-Alert

September 29, 2010, Covington Advisory

July 22, 2010, Covington Advisory

March 19, 2010, Covington Report

October 30, 2009, Covington E-Alert

October 6, 2009, Covington E-Alert

August 13, 2009, Covington Advisory

June 19, 2009, Covington E-Alert

January 6, 2009, Covington Advisory

2009, PBS Technology Conference

December 2008, Data Protection Law & Policy

August 2008, Data Protection Law & Policy

March 2008, Data Protection Law & Policy

2008, Annual Presentation to the Smithsonian Institution’s Office of General Counsel on Developments in Intellectual Property

2007, Annual Presentation to the Smithsonian Institution’s Office of General Counsel on Developments in Intellectual Property

2006, 90 Minn. L. Rev. 1506