On May 22 the Federal Trade Commission (“FTC”) announced a $6 million settlement with Edmodo, an ed tech provider, for violations of the COPPA Rule and Section 5 of the FTC Act. The FTC described this settlement as the first FTC order that will prohibit an ed tech provider from requiring students to provide more personal data than necessary to participate in online activities. The settlement is consistent with the FTC’s policy statement on ed tech issued last May (see our summary of the policy statement here).

Lindsey Tonsager
Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.
In addition to assisting clients engage strategically with the Federal Trade Commission, the U.S. Congress, and other federal and state regulators on a proactive basis, she has experience helping clients respond to informal investigations and enforcement actions, including by self-regulatory bodies such as the Digital Advertising Alliance and Children’s Advertising Review Unit.
Ms. Tonsager’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, behavioral advertising, e-mail marketing, artificial intelligence the processing of “big data” in the Internet of Things, spectrum policy, online accessibility, compulsory copyright licensing, telecommunications and new technologies.
Ms. Tonsager also conducts privacy and data security diligence in complex corporate transactions and negotiates agreements with third-party service providers to ensure that robust protections are in place to avoid unauthorized access, use, or disclosure of customer data and other types of confidential information. She regularly assists clients in developing clear privacy disclosures and policies―including website and mobile app disclosures, terms of use, and internal social media and privacy-by-design programs.
NYC Artificial Intelligence Rule to Take Effect July 5, 2023: New York City Issues Final Rule Regulating the Use of AI Tools by Employers
The New York City Department of Consumer and Worker Protection (“DCWP”) recently issued a Notice of Adoption of Final Rule (“Final Rule”) relating to the implementation of New York City’s law regulating the use of automated employment decision tools (“AEDT”) by NYC employers and employment agencies.
NYC’s Local Law 144 now takes effect on July 5, 2023. As discussed in our prior post, Local Law 144 prohibits employers and employment agencies from using certain Artificial Intelligence (“AI”) tools in the hiring or promotion process unless the tool has been subject to a bias audit within one year prior to its use, the results of the audit are publicly available, and notice requirements to employees or job candidates are satisfied.
The issuance of DCWP’s Final Rule follows the prior release of two sets of proposed rules in September 2022 and December 2022. The Final Rule’s most significant updates from the December 2022 proposal include an expansion of the definition of AEDTs and modifications to the requirements for bias audits. Key provisions of the Final Rule are summarized below.…
Indiana Passes Comprehensive Privacy Statute
On April 11, the Indiana legislature passed comprehensive state privacy legislation in the form of S.B. 5. S.B. 5 shares similarities with the state privacy laws in Virginia, Connecticut, Colorado, Utah, and most recently Iowa. If signed into law, S.B. 5 would take effect on January 1, 2026. This blog post summarizes the statute’s key takeaways.…
Continue Reading Indiana Passes Comprehensive Privacy Statute
State, Federal, and Global Developments in Children’s Privacy, Q1 2023
This year has been off to a busy start with respect to children’s and minors’ privacy legislation efforts. We wanted to take a moment to recap the latest developments across the board.
The most notable trend of the year thus far has been the widespread introduction of Age Appropriate Design Codes. Ten states have thus…
Iowa Enacts Comprehensive Consumer Privacy Law
On March 28, Governor Kim Reynolds signed into law SF 262, making Iowa the sixth state to enact a comprehensive consumer privacy law. The new law will take effect on January 1, 2025.
As we discuss here, Iowa’s privacy law shares a number of key similarities to existing state privacy frameworks, including providing…
Colorado AG Files Final Rules Implementing CPA
On March 15, 2023, the Colorado Attorney General filed final rules implementing the Colorado Privacy Act (“CPA”) with the Secretary of State. The Attorney General first released proposed draft rules on October 10, 2022 and subsequently released revised draft rules on December 21, 2022 and January 27, 2023 after public comment. The final rules will…
Iowa Passes Comprehensive Privacy Statute
On March 15th, the Iowa legislature passed S.F. 262 (the “ICDPA”), making it the sixth U.S. state to pass a comprehensive state privacy statute. The Iowa statute most closely resembles the Utah Consumer Privacy Act (“UCPA”), though it also shares some similarities with the approaches adopted in Virginia, Colorado, and Connecticut. The statute will next go to the governor’s desk for signature. If signed into law, the ICDPA would take effect on January 1, 2025.…
The Colorado AG Posts Revised Draft Regulations
Recently, the Colorado Attorney General’s office posted a revised draft of the regulations implementing the Colorado Privacy Act. The revisions made a number of changes, and we highlight a few key ones below.
- Specifying that the dark patterns provisions apply in certain circumstances only. The rules clarify that the rules governing dark patterns apply only
CPPA Approves First Round of Draft Rules
At the CPPA board meeting last week, the agency adopted the regulations and directed the staff to file the rulemaking package with the Office of Administrative Law (“OAL”). Before these regulations can become effective (and therefore enforceable), the OAL must complete its review of the regulations. It has 30 working days to complete its review…
FTC Issues New Guidance Regarding Health Products
On December 20, 2022, the Federal Trade Commission (“FTC”) announced its issuance of Health Products Compliance Guidance, which updates and replaces its previous 1998 guidance, Dietary Supplements: An Advertising Guide for Industry. While the FTC notes that the basic content of the guide is largely left unchanged, this guidance expands the scope of the previous guidance beyond dietary supplements to broadly include claims made about all health-related products, such as foods, over-the-counter drugs, devices, health apps, and diagnostic tests. This updated guidance emphasizes “key compliance points” drawn from the numerous enforcement actions brought by the FTC since 1998, and discusses associated examples related to topics such as claim interpretation, substantiation, and other advertising issues.…
Continue Reading FTC Issues New Guidance Regarding Health Products