Photo of Libbie Canter

Libbie Canter

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state laws, including the California Consumer Privacy Act, the Colorado AI Act, and other state laws. As part of her practice, she also regularly represents clients in strategic transactions involving personal data, cybersecurity, and artificial intelligence risk and represents clients in enforcement and litigation postures.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.

Chambers USA 2025 ranks Libbie in Band 3 Nationwide for both Privacy & Data Security: Privacy and Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is "incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions."

Contact:Read more about Libbie CanterEmail

Last week, the Third Circuit affirmed dismissal of a putative class action asserting that defendant Quest Diagnostics violated the California Invasion of Privacy Act (“CIPA”) and the Confidentiality of Medical Information Act (“CMIA”) by employing a website pixel to track and collect data about their website activity for advertising purposes.

Continue Reading Third Circuit Affirms Dismissal of CIPA and CMIA Claims

On November 4, 2025, Senator Bill Cassidy (R-LA), chair of the Senate Health, Education, Labor, and Pensions (“HELP”) Committee, introduced the Health Information Privacy Reform Act (“HIPRA”). HIPRA seeks to extend protections similar to those provided under the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”) to certain health information collected by entities not currently regulated by HIPAA. HIPRA also proposes modifications and calls for guidance related to certain existing provisions of HIPAA as well as Part 2 (related to substance use disorder medical history).Continue Reading U.S. Senate Introduces the Health Information Privacy Reform Act

On September 23, 2025, the California Privacy Protection Agency announced that the state’s Office of Administrative Law approved regulations that update existing California Consumer Privacy Act (“CCPA”) regulations and introduce new regulations covering cybersecurity audits, risk assessments, and automated decision-making technology.  The updates to the existing regulations—which take effect on January 1, 2026—expand business obligations under the CCPA and give consumers more control over their personal information.  This blog post highlights key updates to the existing regulations. Continue Reading California Finalizes Updates to Existing CCPA Regulations

Recently, California Governor Gavin Newsom signed into law several privacy and related proposals, including new laws governing browser opt-out preference signals, social media account deletion, data brokers, reproductive and health services, age signals for app stores, social media “black box warning” labels for minors, and companion chatbots. This blog summarizes

Continue Reading California Enacts New Privacy Laws

On September 30, 2025, the California Privacy Protection Agency (“Agency”) announced a decision and $1.35 million fine to resolve allegations that Tractor Supply Co. (“Tractor Supply”) violated the California Consumer Privacy Act (“CCPA”). The settlement comes after the Agency filed a petition to enforce an investigative subpoena against Tractor Supply. In addition to imposing the Agency’s largest fine to date, the settlement also marks the Agency’s first enforcement action related to job applicant personal data. Similar to the enforcement actions against American Honda Motor Co., Inc. and Todd Snyder, Inc., the Agency continues to focus on how businesses facilitate consumer rights under the CCPA.Continue Reading California Privacy Agency Fines Tractor Supply $1.35 Million Over CCPA Violations

In late September, plaintiffs announced details regarding Google LLC’s (“Google”) and women’s health app developer, Flo Health Inc.’s (“Flo”) proposed settlements to resolve a class action lawsuit stemming from the Flo app’s allegedly unlawful sharing of health data with Google and others through online tracking technologies.

As part of the proposed settlements, Google agreed to pay $48 million and Flo agreed to pay $8 million, for a combined $56 million to resolve plaintiffs’ claims against these two entities.Continue Reading Flo Health, Google Settle Class Action Privacy Lawsuit for $56 Million

On September 24, Senate Democratic Leader Chuck Schumer (D-N.Y.), Senator Maria Cantwell (D-Wash.), and Senator Ed Markey (D-Mass.) introduced the Management of Individuals’ Neural Data (“MIND”) Act of 2025, which would require the Federal Trade Commission (“FTC”) to conduct a study and provide a report examining the governance of “neural

Continue Reading Congress Introduces Neural Data Bill

On August 29, the Oregon Department of Justice (DOJ) issued an enforcement report and press release covering its first year of enforcement of the Oregon Consumer Privacy Act (OCPA).  The OCPA took effect on July 1, 2024, and the cure period sunsets on January 1, 2026.  We previously summarized some of requirements in the OCPA here.  This blog summarizes notable takeaways from the enforcement report.Continue Reading Oregon DOJ Publishes Enforcement Report on the Oregon Consumer Privacy Act

On August 7, Massachusetts Governor Maura Healey signed into law a new Shield Law (S.2543) – the Shield Act 2.0 – that restricts providers’ ability to disclose information in certain health care-related investigations, among other provisions.  Like the Washington Shield Law that was enacted in 2023, the Shield Act 2.0 covers gender-affirming treatment in addition to reproductive health care.  The passage of the Shield Act 2.0 follows Massachusetts’s enactment, in 2022, of a Shield Law that provided protections for Massachusetts healthcare providers from sanctions for providing or assisting in the provision of legally protected reproductive healthcare services or gender-affirming healthcare services in the state.Continue Reading Massachusetts Enacts New Shield Law Expanding Protections for Certain Health Data

Earlier this month, the California Privacy Protection Agency (“CPPA”) filed a petition in Sacramento County Superior Court to enforce an investigative subpoena against Tractor Supply Company (“Tractor Supply”). Continue Reading California Privacy Protection Agency Asks Court To Enforce Its Subpoena Authority