Photo of Libbie Canter

Libbie Canter

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state laws, including the California Consumer Privacy Act, the Colorado AI Act, and other state laws. As part of her practice, she also regularly represents clients in strategic transactions involving personal data, cybersecurity, and artificial intelligence risk and represents clients in enforcement and litigation postures.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations. 

Chambers USA 2024 ranks Libbie in Band 3 Nationwide for both Privacy & Data Security: Privacy and Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is "incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions."

On June 19, 2025, the U.S. District Court for the Northern District of Texas vacated the majority of the Biden Administration rule (the “2024 Rule”) modifying the Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) under the Health Insurance Portability and Accountability Act (“HIPAA”) regarding protected health information (“PHI”) concerning reproductive health.  As discussed in further detail in our previous blog post, the 2024 Rule “limit[ed] the circumstances in which provisions of the Privacy Rule permit the use or disclosure of an individual’s PHI about reproductive health care for certain non-health care purposes.” Continue Reading District Court Enjoins Privacy Rule Modifications Regarding Reproductive Health Care

Following the approach taken by the Kentucky and Connecticut legislatures this spring, Oregon has amended its comprehensive privacy statute to implement changes to the law.  Specifically, the amendment extends the statutory cure period to July 1, 2026, but this extension is limited to certain controllers.  Beginning on January 1, 2026, the statute’s cure provision will only apply to controllers that are a “noncommercial educational broadcast station, as defined in 47 U.S.C. 397” and that (1) receive funding from the Corporation for Public Broadcasting and (2) distribute the entity’s journalism content without cost to recipients.   Continue Reading Oregon Amends Its Comprehensive Privacy Statute

On June 2, 2025, the New Jersey Division of Consumer Affairs published draft regulations to implement the New Jersey Data Protection Act, which went into effect on January 1, 2025. The draft regulations propose detailed requirements, including for privacy notices, consent, and consumer rights. Interested parties may submit written

Continue Reading New Jersey Division of Consumer Affairs Proposes Draft Regulations

A number of previously enacted laws related to privacy and minors’ use of social media platforms will enter into force in July 2025.  These laws include comprehensive privacy frameworks in Tennessee and Minnesota, as well as laws governing the use of social media platforms by minors in Georgia and Louisiana.  An overview of some key laws is below.Continue Reading New State Privacy and Minor Social Media Laws to Become Effective in July

Since the beginning of 2025, there have been a flurry of bills introduced at the state and federal level related to genetic privacy, which follows a similar trend over the past several years.  These bills have focused on a range of issues, including general genetic privacy, national security implications of “foreign adversaries” accessing genetic information, the privacy practices of direct-to-consumer (“DTC”) genetic testing companies, and the transfer of genetic data as part of bankruptcy proceedings, among others.  We summarize a subset of such bills moving through state and federal legislatures below.Continue Reading Multiple States Enact Genetic Privacy Legislation in a Busy Start to 2025

On May 6, 2025, the California Privacy Protection Agency (“CPPA”) announced a decision and $345,178 fine related to allegations that Todd Snyder, Inc. violated the California Consumer Privacy Act (“CCPA”) and requirements to change its business practices.Continue Reading Clothing Retailer, Todd Snyder, Inc., Settles CPPA Allegations Regarding California Consumer Privacy Act Violations

On April 15, 2025, the Montana legislature unanimously passed Montana SB 297, a bill that would amend the Montana Consumer Data Privacy Act (“MTCDPA”) with provisions expanding online data protections for minors, narrowing the exemptions under the Gramm-Leach-Bliley Act, and removing a controller’s right to cure, among others.  We outline some key provisions below.Continue Reading Montana Passes Amendments to Consumer Data Privacy Act

Early this month, a Northern District of California judge dismissed, with prejudice, a putative class action complaint asserting five privacy-related causes of action, concluding the “issue of consent defeat[ed] all of Plaintiffs’ claims.”  Lakes v. Ubisoft, Inc., –F. Supp. 3d–, 2025 WL 1036639 (N.D. Cal. Apr. 2, 2025).  Specifically, the Court dismissed plaintiffs’ claims under the (1) Video Privacy Protection Act (“VPPA”); (2) Federal Wiretap Act; (3) California Invasion of Privacy Act (“CIPA”) § 631; (4) common law invasion of privacy; and (5) Article I, Section 1 of the California Constitution. Continue Reading California Court Holds Plaintiffs’ Consent Defeats Claims Involving Use of Website Pixel

On March 12, 2025, the California Privacy Protection Agency (“CPPA”) announced a decision and $632,500 fine related to allegations that American Honda Motor Co., Inc. (“Honda”) violated the California Consumer Privacy Act (“CCPA”).Continue Reading Honda Settles CPPA Allegations Regarding California Consumer Privacy Act Violations