Subscribe

  • How Can We Help You?

    Global Problem Solving from Covington: Deal with Complex Problems Anywhere in the World

Tonsager_Lindsey_1000x714_ENV

Lindsey L. Tonsager

Partner

San Francisco +1 415 591 7061

  • About
  • Representative Matters
  • Credentials
  • About

    Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

    Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

    Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.

    Areas of Expertise

  • Practices and Industries
  • Representative Matters
    • Advising AI providers on the privacy implications of collecting and using large datasets of consumer data (including text, voice, and biometric information) to develop, train, and improve their AI solutions.
    • Advising metaverse company on novel privacy and data governance issues related to development of hardware and software products.
    • Advising clients on their development of global privacy programs, policies and procedures to accommodate the emerging patchwork of U.S. state privacy laws (such as the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA) and other state privacy laws enacted in Colorado, Connecticut, Utah, and Virginia), leveraging existing practices under the EU General Data Protection Regulation (GDPR), China Personal Information Protection Law (PIPL), and other global data protection frameworks.
    • Represented multiple companies in responding to California Attorney General inquiries under the CCPA, addressing (for example) privacy policy notices, sharing personal data with affiliates and vendors, data deletion, financial incentives, sale opt-out mechanisms, and scope of relevant exemptions.
    • Represented a client on data privacy and security issues raised in connection with its acquisition of a voice and chat assistant conversational AI company.
    • Advising numerous website operators, app developers, and connected devices companies on compliance with the Children’s Online Privacy Protection Act (COPPA) and the FTC’s COPPA Rule, including representation of multiple companies in responding to FTC inquiries under COPPA (with no formal complaints filed in response) and successful resolution of children’s privacy inquiries by the Children’s Advertising Review Unit.
    • Advised a large online services company in launching a new personalized learning service for K-12 students in compliance with federal and state student privacy laws.
    • Counseled pharmaceutical companies, retailers, and online services in formulating email marketing campaigns that comply with the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act and implementing regulations.
    • Assisted a major media company in assessing its data collection, use, and disclosure practices across its family of websites, developing a new privacy-by-design program, and implementing the program through employee training.

    Areas of Expertise

  • Credentials
    Education
    • University of Minnesota Law School, J.D., 2007
        • magna cum laude
        • University of Minnesota Law Review, Lead Note & Comment Editor
        • Order of the Coif
    • University of Pennsylvania, B.A., 2004
        • magna cum laude
    Bar Admissions
    • California
    • District of Columbia
    Pro Bono
    • Assisted a non-profit organization in executing its social media strategy, including the development of privacy disclosures, terms of use, and an app development agreement.
    • Assisted a non-profit organization to develop an intellectual property policy for its online service.
    • Provided copyright advice to a nonprofit organization concerning its extensive music portfolio.
    • Advised a leading international anti-corruption organization on newsgathering and prepublication review issues.
    Accolades
    • The Daily Journal, "Top Artificial Intelligence Lawyers” (2024, 2019)
    • The Recorder, "30 Women Leaders in Tech Law" (2023-2024)
    • Chambers Global, Privacy & Data Security (2021-2025)
    • Chambers USA, Privacy & Data Security (2020-2025)
    • Lawdragon, 500 Leading Global Cyber Lawyers (2025)
    • Recognized by The Daily Journal on its "Top Cyber Lawyers" (2020, 2022).
    • Recognized by The Recorder on its “California Trailblazers” list (2020).
    • Legal 500 US, Cyber Law (including Data Protection and Privacy) (2016-2017) and Advertising and Marketing (2017)
    • Northern California Super Lawyers, Communications and Media & Advertising "Rising Star" (2016-2021)
    • Washington DC Super Lawyers, Communications "Rising Star" (2013-2015)
    Memberships and Affiliations
    • International Association of Privacy Professionals
    Previous Experience
    • Office of Commissioner Adelstein, Federal Communications Commission, Law Clerk (Summer 2005)

    Areas of Expertise

News and Insights

Events