Lindsey L. Tonsager

March 13, 2020, Inside Privacy

In the latest development in the CCPA saga, the California Attorney General has further modified the draft regulations implementing the California Consumer Privacy Act (“CCPA”). His office’s website posted clean and redlined versions of the new regulations (the “March draft regulations”). Below, please find a summary of some of the most notable changes: ...

March 9, 2020, Inside Privacy

On March 5, Senators Ed Markey (D-MA) and Richard Blumenthal (D-CT) introduced the Kids Internet Design and Safety (KIDS) Act.  The bill, which covers online platforms directed to children and teenagers under 16 years old, aims to curb the time spent by these minors on such platforms and could dramatically affect advertising and influencer content...… Continue ...

February 9, 2020, Inside Privacy

The California Attorney General has released both clean and redlined versions of proposed modifications to the draft implementing regulations for the California Consumer Privacy Act (“CCPA”). Below is a high-level overview of some key changes: Service Providers. The modified draft restricts a service provider from processing the personal information it receives ...

February 7, 2020, Inside Privacy

On January 30, House Rep. Kathy Castor (D-FL) introduced the Protecting the Information of our Vulnerable Children and Youth (“PRIVCY”) Act, a bill that promises to be a significant overhaul of the Children’s Online Privacy Protection Act (“COPPA”). Currently, COPPA applies only to personal information collected from children under 13 years old.  The PRIVCY ...

January 24, 2020, Inside Tech Media

U.S. federal policymakers continued to focus on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the fourth quarter of 2019, including by introducing substantive bills that would regulate the use of such technology and by supporting bills aimed at further study of how such technology may impact different sectors. In our fourth AI...… Continue ...

January 24, 2020, Covington Alert

U.S. federal policymakers continued to focus on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the fourth quarter of 2019, including by introducing substantive bills that would regulate the use of such technology and by supporting bills aimed at further study of how such technology may impact different sectors. In our fourth AI & IoT ...

January 13, 2020, Global Data Review

Lindsey Tonsager is quoted in Global Data Review regarding a recently released draft privacy bill from the US House Committee on Energy & Commerce which differs from current Senate bills. With roughly a quarter of House Democrats coming from California, Ms. Tonsager told GDR that there will be major opposition to pre-emption in the House. “We’ve already seen the ...

January 10, 2020, Inside Privacy

While some state legislators are still putting away their holiday decorations, New Hampshire legislators introduced new data privacy legislation, New Hampshire House Bill 1680.  The legislation is similar to the California Consumer Privacy Act (which we’ve written extensively about before, including here and here).  It grants consumers access, portability, ...

January 1, 2020, Financial Times

Lindsey Tonsager spoke with the Financial Times about the California Consumer Privacy Act (CCPA) and the different ways companies are trying to comply with the new law. Addressing some companies’ efforts to create self-serve portals to handle users’ privacy requests, Ms. Tonsager says, “This works fine but if you get a high spike of data access requests — right ...

December 4, 2019, Daily Journal

Lindsey Tonsager is quoted in Daily Journal regarding a new voter initiative designed to improve consumer privacy in California. Ms. Tonsager says, “The new ballot initiative has introduced some uncertainty into the conversation for businesses. There has been a real whiplash throughout the whole process of the CCPA. It was enacted back in 2018, and its already ...

November-December 2019, Privacy & Cybersecurity Law Report

November 8, 2019, Inside Privacy

With less than two months until it goes into effect, many practitioners are focused on bringing their programs into compliance with the California Consumer Protection Act (“CCPA”) by January 1, 2020.  But the rapid pace of privacy legal developments could continue next year.  This past year, five states established studies or task forces to study...… Continue ...

October 29, 2019

As the effective date of the California Consumer Privacy Act looms closer, companies are grappling with the significance of the law and its definitions. One defined term in particular, “sale,” has sparked heated debate between industry and consumer advocates, and even within the legal profession. While much has been said about this term, more needs to be said. ...

October 22, 2019, Inside Tech Media

Federal policymakers continued to focus on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the third quarter of 2019, including by introducing substantive bills that would regulate the use of such technology and by supporting bills aimed at further study of how such technology may impact different sectors. In our third AI &...… Continue ...

October 21, 2019, Covington Alert

Federal policymakers continued to focus on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the second quarter of 2019, including by introducing substantive bills that would regulate the use of such technology and by supporting bills aimed at further study of how such technology may impact different sectors. In our third AI & IoT Quarterly ...

October 11, 2019, Covington Alert

On October 10, 2019, California state attorney general Xavier Becerra announced the release of proposed implementing regulations concerning the California Consumer Privacy Act (CCPA). Interested stakeholders can submit written comments until December 6, 2019 at 5 PM (Pacific Time). In addition, four public hearings will be held on December 2nd (Sacramento), ...

October 10, 2019, Inside Privacy

A new ballot initiative would create the California Privacy Rights and Enforcement Act (“CPREA”) and would make several changes to the California Consumer Privacy Act (“CCPA”). CPREA makes the following changes and additions: California Privacy Protection Agency: This ballot initiative would establish the California Privacy Protection Agency (“CPPA”), which ...

October 10, 2019, Covington Alert

On Monday, the Federal Trade Commission held a workshop to examine whether to update the FTC’s rule adopted under the Children’s Online Privacy Protection Act (“COPPA Rule”). The Future of the COPPA Rule: An FTC Workshop featured a range of speakers and panelists, including representatives from industry, consumer groups, and academia.

September 30, 2019, Global Data Review

Lindsey Tonsager spoke with Global Data Review about proposed amendments to the California Consumer Privacy Act filed by Alastair Mactaggart of the Californians for Consumer Privacy. Ms. Tonsager said that given the time and resources spent on preparing staff within California’s office of the attorney general for the CCPA, she was “baffled” to see the proposal ...

September 27, 2019, Covington Alert

Real estate developer Alastair Mactaggart is making news with the announcement of another privacy ballot initiative, the California Privacy Rights and Enforcement Act (“CPREA”). He intends to include his new initiative on the November 2020 ballot.

September 26, 2019, Financial Times

Lindsey Tonsager is quoted in the Financial Times regarding the California Consumer Privacy Act’s effect on businesses in the state and around the world. Ms. Tonsager says, “Once the new law takes effect, the California attorney-general will overnight become one of the most powerful privacy regulators in the world.” She adds, “Companies that already had to apply ...

September 17, 2019, Inside Privacy

Last week, after months of negotiation and speculation, the California legislature passed bills amending the California Consumer Privacy Act (“CCPA”).  This marked the last round of CCPA amendments before the legislature adjourned for the year—and before the CCPA takes effect on January 1, 2020.  California Governor Gavin Newsom has until October 13 to sign ...

September 16, 2019, Global Data Review

Lindsey Tonsager spoke with Global Data Review about the recently-passed California Consumer Privacy Act. Ms. Tonsager says the issues the attorney general need to clarify include what a “do not sell my personal information” link should look like on company websites, how that link should be formatted, and where it should be placed. One of the most important ...

September 11, 2019, Legaltech News

Lindsey Tonsager is quoted in Legaltech News regarding Google’s settlement with the FTC involving violations of the Children's Online Privacy Protection Act. Ms. Tonsager says, “This is the first FTC settlement that dealt with behavioral advertisements against a platform that just hosts third-party content.” She noted FTC Commissioner Rebecca Kelly Slaughter’s ...

September 10, 2019, The Recorder

September 6, 2019, Inside Privacy

Yesterday, the Federal Trade Commission (“FTC”) and the New York Attorney General’s office (“NYAG”) settled allegations against Google LLC and its subsidiary YouTube, LLC claiming violations of the Children’s Online Privacy Protection Act and its implementing rule (together, “COPPA”).  The settlement requires Google and YouTube to pay $136 million to the FTC and ...

August 12, 2019, Inside Privacy

At the Black Hat conference in Las Vegas last week, a security researcher presented his research on using access rights available under the GDPR for identity theft purposes (slides available here; whitepaper available here).  Specifically, the researcher “attempted to steal as much information as possible” about his fiancé by submitting GDPR access requests in ...

July 25, 2019, Legaltech News

Lindsey Tonsager spoke with Legaltech News about the FTC’s public request for comment on the Children’s Online Privacy Protection Act (COPPA). Ms. Tonsager said, “Regardless of whether the FTC is looking at the rule or not, I think the common best practice is to collect only the information that you need. The data minimization helps regardless if the regulator ...

July 18, 2019, Inside Tech Media

Federal and state policymakers continued to focus on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the second quarter of 2019, including by introducing both substantive measures that would regulate the use of the technology and by supporting funding bills aimed at increasing investment. In our second AI & IoT Quarterly Legislative ...

July 17, 2019, Covington Alert

Federal and state policymakers continued to focus on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the second quarter of 2019, including by introducing both substantive measures that would regulate the use of the technology and by supporting funding bills aimed at increasing investment. In our second AI & IoT Quarterly Legislative Update, ...

July 9, 2019, Wall Street Journal

Lindsey Tonsager is quoted in the Wall Street Journal regarding the initiative to increase artificial intelligence legal practices. Ms. Tonsager says data is the fuel that drives artificial intelligence, but it can come with legal restrictions. Companies acquiring datasets need to be sure their contracts give them the right to use the data to train algorithms. ...

June 27, 2019

SAN FRANCISCO—The Daily Journal has named Lindsey Tonsager to its 2019 “Top Artificial Intelligence Lawyers,” recognizing the top artificial intelligence lawyers in California. Ms. Tonsager co-chairs the firm’s Artificial Intelligence Initiative, which is a cross-functional practice advising companies developing or utilizing AI technologies. She is advising ...

June 25, 2019, Covington Digital Health

Last week, Senators Amy Klobuchar (D-MN) and Lisa Murkowski (R-AK) introduced the Protecting Personal Health Data Act (S. 1842), which would provide new privacy and security rules from the Department of Health and Human Services (“HHS”) for technologies that collect personal health data, such as wearable fitness trackers, social-media sites focused on health ...

May 14, 2019, PayTV Show

May 1, 2019, Inside Tech Media

Federal and state policymakers introduced a range of new measures on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the first quarter of 2019. In our initial AI & IoT Quarterly Legislative Update, we detail the notable legislative events from this quarter on AI, IoT, cybersecurity as it relates to AI and IoT,...… Continue Reading

April 30, 2019, Covington Alert

Federal and state policymakers introduced a range of new measures on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the first quarter of 2019. In our initial AI & IoT Quarterly Legislative Update, we detail the notable legislative events from this quarter on AI, IoT, cybersecurity as it relates to AI and IoT, and connected and autonomous ...

April 10, 2019, Covington Digital Health

On April 2, 2019, FDA released a discussion paper entitled “Regulatory Framework for Modifications to Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device (SaMD)” (the “AI Framework”). The AI Framework is the Agency’s first policy document describing a potential regulatory approach for medical devices that use artificial ...

March 2019, DataGuidance

October 3, 2018, Privacy + Security Forum

September 21, 2018

Lindsey Tonsager is quoted in the San Francisco Business Times regarding California’s new cybersecurity bill regulating internet-connected devices. Ms. Tonsager believes the vagueness of the “reasonable” standard makes the law flexible. She says, “It’s really helpful that the legislation acknowledges flexibility in identifying which standards are reasonable. ...

September 17, 2018, Law360

Lindsey Tonsager is quoted in Law360 regarding California’s newly enacted rules mandating security features for internet-connected devices. Makers of IoT devices will be required under Senate Bill 327 to equip products with "reasonable security features." Ms. Tonsager says, "The 'reasonable security' standard is quite flexible, which is good when operating in a ...

July 3, 2018, Covington Alert

On June 28, 2018, the Governor of California signed the California Consumer Privacy Act of 2018 (“CCPA”). The new law is the most comprehensive data privacy statute in the United States and introduces significant privacy requirements for covered businesses. The CCPA takes effect on January 1, 2020, but based on comments from both the public-interest and business ...

June 28, 2018, Politico

Lindsey Tonsager is quoted in a Politico article regarding a bill passed by California lawmakers that imposes stricter consumer privacy rules on companies. Should the California law trigger other states to put their own restrictions on consumer privacy, industry lobbyists and advocates will likely look to Congress to create consistent standards, says Tonsager. ...

March 23, 2018, MLex

Lindsey Tonsager recently spoke at the BCLT Privacy Law Forum in Silicon Valley is quoted in an mLex article discussing whether GDPR will automatically become a global privacy standard. Tonsager said that working with companies that depend on AI technology to become compliant with the GDPR “is incredibly, incredibly challenging." Commenting on modifications to ...

January 24, 2018, Covington Alert

Digital advertising typically involves a vast network of publishers, advertisers and their agencies, advertising exchanges and networks, technology platforms, and measurement and data analytics providers. To help streamline the commercial dealings of all of these parties in this complex ecosystem, advertising industry self-regulatory groups have developed ...

January 16, 2018, NRF General Counsels Forum

January 8, 2018, Covington Advisory

In late December, the Federal Trade Commission (“FTC”) released a Staff Report titled Blurred Lines: An Exploration of Consumers’ Advertising Recognition in the Contexts of Search Engines and Native Advertising. This Report is the most recent sign of the FTC’s continuing interest in native advertising and effective online disclosures. This study builds upon the ...

December 5, 2017, Covington Digital Health

In the third installment of our series, Covington’s global cross-practice Digital Health team considers some additional key questions about Artificial Intelligence (AI), data privacy, and cybersecurity that companies across the life sciences and technology sectors should be asking to address the regulatory and commercial pieces of the complex digital health ...

November 9, 2017, CTIA Wireless Legal Seminar for the West

October 29, 2017, The Times

Lindsey Tonsager is quoted by The Times in an article regarding the use of artificial intelligence in healthcare. Commenting on how regulators are beginning to address some of the issues, Tonsager says, "The law hasn’t caught up with the technology. Nobody knows exactly who will be responsible.” “Some diseases disproportionately affect certain types of ...

October 17, 2017, Silicon Valley Association of General Counsel All Hands Meeting

October 13, 2017, 6th Annual US-China IP Conference

October 4, 2017, Privacy + Security Forum

September 26, 2017, Covington Digital Health

In the second of a three-part series, Covington’s global cross-practice Digital Health team considers some additional key questions that companies across the life sciences, technology, and communications industries should be asking as they seek to fit together the regulatory and commercial pieces of the complex digital health puzzle. Key Commercial Questions ...

September 22, 2017, The Recorder

Lindsey Tonsager is quoted by The Recorder in an article regarding the recent decision in a case brought by the FTC alleging that selling connected devices with known security weaknesses is an unfair and deceptive business practice. According to Tonsager, "Judge Donato's order should discourage the FTC from adopting a legal standard that would consider potential ...

Fall 2017, Journal of Student Financial Aid

August 29, 2017, Covington Digital Health

In the first of a three-part series, Covington’s global cross-practice Digital Health team answers key questions that companies across the life sciences, technology, and communications industries should be asking as they seek to fit together the regulatory and commercial pieces of the complex digital health puzzle. Key Regulatory Questions About Digital Health ...

June 29, 2017, Bloomberg Law

Lindsey Tonsager is quoted in a Bloomberg Law article regarding the FTC's updated guidance that includes adding online-based questions as a method of obtaining parental consent under the Children's Online Privacy Protection Act. According to Tonsager, the new methods are a quick way for parents to give consent without having to mail in forms, and will largely ...

May 1, 2017, Covington Alert

In a widely anticipated step, FCC Chairman Ajit Pai has released the text of a draft Notice of Proposed Rulemaking (“NPRM”) proposing to change the legal framework that governs broadband providers, eliminate the “Internet conduct standard” for evaluating broadband provider practices on a case-by-case basis, and seek comment on whether to keep, modify, or ...

April 25, 2017, In-House Benefits Counsel Network National Forum

November 9, 2015, Multichannel News

October 8, 2015

WASHINGTON, DC, October 8, 2015 — Covington advised Prosper Marketplace, a leading online marketplace that connects borrowers and investors, in its acquisition of BillGuard, a personal finance analytics company. The financial terms of the deal were not announced. According to the company’s press release, the acquisition will enable Prosper Marketplace to offer ...

October 1, 2015

WASHINGTON, DC, October 1, 2015 - Covington has elected nine of its lawyers to partnership. “We are delighted to welcome our new partners, who exemplify the spirit and substance of Covington,” said Timothy Hester, chair of the firm’s management committee. “This partnership class reflects our focus on the firm’s core practice strengths. We are confident that ...

August 20, 2015

SAN FRANCISCO, August 20, 2015 — Covington advised Tencent Holdings Ltd. on its US$50 million investment in Ontario-based Kik Interactive, Inc., a messenger application with more than 200 million registered users. Tencent is a Chinese company that provides value-added Internet, mobile and telecom services and online advertising. Its messaging app WeChat has ...

June 24, 2015, FDAnews Social Media Regulatory Affairs Summit — Social Media: Getting to Yes — Satisfy Both ROI and the FDA

May 21, 2015, IAPP Seattle KnowledgeNet

May 12, 2015, Inside Counsel

April 10, 2015, PBS Technology Conference

April 10, 2015, PBS Technology Conference

March 5, 2015, IAPP Global Privacy Summit

February 17, 2015, Bloomberg BNA Social Media Law & Policy Report, Vol. 4, No. 7

October 21, 2014, Law360

October 1, 2014, Children’s Advertising Review Unit Annual Conference

April 30, 2013, Law360

April 11, 2013, Covington E-Alert

March 8, 2013, IAPP Global Privacy Summit

March 2013

August 2, 2012, Covington E-Alert

June 7, 2012, Covington Advisory

February 27, 2012, Covington E-Alert

December 1, 2010, Covington E-Alert

September 29, 2010, Covington Advisory

July 22, 2010, Covington Advisory

March 19, 2010, Covington Report

October 30, 2009, Covington E-Alert

October 6, 2009, Covington E-Alert

August 13, 2009, Covington Advisory

June 19, 2009, Covington E-Alert

January 6, 2009, Covington Advisory

2009, PBS Technology Conference

December 2008, Data Protection Law & Policy

August 2008, Data Protection Law & Policy

March 2008, Data Protection Law & Policy

2008, Annual Presentation to the Smithsonian Institution’s Office of General Counsel on Developments in Intellectual Property

2007, Annual Presentation to the Smithsonian Institution’s Office of General Counsel on Developments in Intellectual Property

2006, 90 Minn. L. Rev. 1506