Photo of Andrew Longhi

Andrew Longhi

Andrew Longhi advises national and multinational companies across industries on a wide range of regulatory, compliance, and enforcement matters involving data privacy, telecommunications, and emerging technologies.

Andrew's practice focuses on advising clients on how to navigate the rapidly evolving legal landscape of state, federal, and international data protection laws. He proactively counsels clients on the substantive requirements introduced by new laws and shifting enforcement priorities. In particular, Andrew routinely supports clients in their efforts to launch new products and services that implicate the laws governing the use of data, connected devices, biometrics, and telephone and email marketing.

Andrew assesses privacy and cybersecurity risk as a part of diligence in complex corporate transactions where personal data is a key asset or data processing issues are otherwise material. He also provides guidance on generative AI issues, including privacy, Section 230, age-gating, product liability, and litigation risk, and has drafted standards and guidelines for large-language machine-learning models to follow. Andrew focuses on providing risk-based guidance that can keep pace with evolving legal frameworks.

This quarterly update highlights key legislative, regulatory, and litigation developments in the second quarter of 2024 related to artificial intelligence (“AI”), connected and automated vehicles (“CAVs”), and data privacy and cybersecurity. Continue Reading U.S. Tech Legislative, Regulatory & Litigation Update – Second Quarter 2024

On April 2, the Enforcement Division of the California Privacy Protection Agency issued its first Enforcement Advisory, titled “Applying Data Minimization to Consumer Requests.”  The Advisory highlights certain provisions of and regulations promulgated under the California Consumer Privacy Act (“CCPA”) that “reflect the concept of data minimization” and provides two examples that illustrate how businesses may apply data minimization principles in certain scenarios.Continue Reading California Privacy Protection Agency Issues Enforcement Advisory on Data Minimization

On April 3, at the International Association of Privacy Professionals’ global privacy conference, California Privacy Protection Agency (“CPPA”) Executive Director Ashkan Soltani gave remarks on his agency’s priorities with respect to rulemaking and administrative enforcement of the California Consumer Privacy Act (“CCPA”).  Below we provide a few key takeaways:Continue Reading CPPA Executive Director Remarks on Policy and Enforcement Priorities

This quarterly update highlights key legislative, regulatory, and litigation developments in the first quarter of 2024 related to artificial intelligence (“AI”), connected and automated vehicles (“CAVs”), and data privacy and cybersecurity.  As noted below, some of these developments provide industry with the opportunity for participation and comment.Continue Reading U.S. Tech Legislative, Regulatory & Litigation Update – First Quarter 2024

The FTC recently announced proposed consent orders with Outlogic (formerly X-Mode Social) and InMarket Media concerning their collection and monetization of precise geolocation data.  Both companies collect location data using software development kits (“SDKs”) installed in first and third party apps, among other data sources.  According to the FTC’s complaints, Outlogic sold this data to third parties (including in a manner that revealed consumer’s visits to sensitive locations) without obtaining adequate consent, and InMarket used this data to facilitate targeted advertising without notifying consumers that their location data will be used for targeted advertising.  In both cases, the FTC alleged that these acts and practices constituted unfair and/or deceptive acts or practices under Section 5 of the FTC Act. Continue Reading FTC Announces Proposed Consent Orders Related to Location Data

A new post on the Covington Inside Global Tech blog highlights key legislative, regulatory, and litigation developments in the fourth quarter of 2023 and early January 2024 related to technology issues.  These included developments related to artificial intelligence (“AI”), connected and automated vehicles (“CAVs”), data privacy, and cybersecurity. As noted

Continue Reading U.S. Tech Legislative, Regulatory & Litigation Update – Fourth Quarter 2023

On December 19, 2023, the Federal Trade Commission (“FTC”) announced that it reached a settlement with Rite Aid Corporation and Rite Aid Headquarters Corporation (collectively, “Rite Aid”) to resolve allegations that the companies violated Section 5 of the FTC Act (as well as a prior settlement with the agency) by failing to implement reasonable procedures to prevent harm to consumers while using facial recognition technology.  As part of the settlement, Rite Aid agreed to cease using “Facial Recognition or Analysis Systems” (defined below) for five years and establish a monitoring program to address certain risks if it seeks to use such systems for certain purposes in the future.Continue Reading Rite Aid Settles FTC Allegations Regarding Use of Facial Recognition Technology

At its December 8 board meeting, the California Privacy Protection Agency (“CPPA”) voted to advance a legislative proposal that would require vendors of web browsers to include a feature that would allow consumers to exercise data subject rights through opt-out preference signals.  Regulations promulgated under the California Consumer Privacy Act

Continue Reading California Privacy Protection Agency Votes to Advance Legislation Requiring Certain Browsers to Support Opt-Out Preference Signals

On October 10, 2023, California Governor Gavin Newsom signed S.B. 362, the Delete Act (the “Act”), into law.  The new law represents a substantive overhaul of California’s existing data broker statute, which requires data brokers to register with the California Attorney General annually.  The passage of the Act follows a renewed interest in data broker activity nationwide, including a request for comments from the Consumer Financial Protection Bureau and the introduction of similar legislation at the federal level.   Below, we outline a number of key provisions:Continue Reading California Amends Data Broker Law

In late June, the Oregon Legislature passed HB 2759, which would amend the state’s existing “do not call” law.  The bill currently is awaiting action by the governor. 

If enacted, the bill would make a person “liable for any loss and subject to any penalty” to the same extent

Continue Reading Oregon Legislature Passes Update to State Telemarketing Law