Photo of Lindsey Tonsager

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the U.S. Congress, and other federal and state regulators on a proactive basis, she has experience helping clients respond to informal investigations and enforcement actions, including by self-regulatory bodies such as the Digital Advertising Alliance and Children’s Advertising Review Unit.

Ms. Tonsager’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, behavioral advertising, e-mail marketing, artificial intelligence the processing of “big data” in the Internet of Things, spectrum policy, online accessibility, compulsory copyright licensing, telecommunications and new technologies.

Ms. Tonsager also conducts privacy and data security diligence in complex corporate transactions and negotiates agreements with third-party service providers to ensure that robust protections are in place to avoid unauthorized access, use, or disclosure of customer data and other types of confidential information. She regularly assists clients in developing clear privacy disclosures and policies―including website and mobile app disclosures, terms of use, and internal social media and privacy-by-design programs.

The Connecticut legislature passed Connecticut SB 6 on April 28, 2022.  If signed by the governor, the bill would take effect on July 1, 2023, though the task force created by the bill will be required to begin work sooner.

The bill closely resembles the Colorado Privacy Act, with a few notable additions.  Like the Colorado Privacy Act, the bill adopts “controller” and “processor” terminology, provides consumers with rights to access, correct, delete, obtain a copy, and opt-out of certain types of processing of their personal data, and requires consent for certain activities.
Continue Reading Connecticut Legislature Passes Comprehensive Privacy Bill

On April 12, at the International Association of Privacy Professionals’ global privacy conference, Colorado Attorney General Phil Weiser gave remarks on his office’s approach to the rulemaking and enforcement of the Colorado Privacy Act.
Continue Reading Colorado Attorney General Remarks on CPA Rulemaking

In March, the Supreme Court issued its decision in Federal Bureau of Investigation v. Fazaga, No. 20-828, holding that the state secrets privilege—and its dismissal remedy—applies to cases that may also be subject to the judicial review procedures set forth in the Foreign Intelligence Surveillance Act (“FISA”).  In so holding, the Court reversed the Ninth Circuit’s 2020 ruling that FISA displaces the state secrets privilege in cases involving electronic surveillance.

Continue Reading Supreme Court Holds FISA Does Not Displace the State Secrets Privilege

The California Privacy Protection Agency (“CPPA”) held two informational hearings on March 29, 2022 and March 30, 2022, in anticipation of its upcoming rulemaking later this year.  While the CPPA Board was present throughout the hearings, its members did not present any views as part of the program.  The speakers covered the following topics of note:
Continue Reading California Privacy Protection Agency Holds Informational Hearings

Utah appears poised to be the next state with a comprehensive privacy law on its books, following California, Virginia, and Colorado.  On March 2nd, the Utah House of Representatives voted unanimously to approve an amended version of the legislative proposal, and the Senate concurred with the House amendment on the following day.  Formalities are now being completed to send the bill to Governor Spencer Cox for signature.

The Utah Consumer Privacy Act (“UCPA”) provides for consumer rights and responsibilities for controllers and processors.  Although the bill generally tracks the comprehensive privacy law passed in Virginia last year, the VCDPA, there are some notable differences.  Key provisions in the bill include the following:
Continue Reading Utah Legislature Passes Comprehensive Privacy Bill

As companies begin to prepare their CPRA compliance strategies, they are grappling with whether to include personal information processed in employment and business-to-business contexts. Currently, the CPRA’s partial exemptions for both of those types of data sunset on December 31, 2022. However, last week, the CA legislature introduced AB 2871 and AB 2891. AB

Last week, Senators Richard Blumenthal (D-CT) and Marsha Blackburn (R-TN) introduced the bipartisan Kids Online Safety Act (“KOSA”), which would impose new safeguards, tools, and transparency requirements for minors online.  The bill applies to entities that are a “commercial software application or electronic service that connects to the internet and that is used, or is

Last week the California Privacy Protection Agency (“CPPA”) held its sixth Board meeting and first meeting of 2022.  The meeting notably included a discussion of the expected timing for issuing final regulations implementing the California Privacy Rights Act.
Continue Reading California Privacy Protection Agency Clarifies Timing of Forthcoming CPRA Regulations

Early last week, Senator Cory Booker (D-NJ) and Congresswomen Anna Eshoo (D-CA) and Jan Schakowsky (D-IL) introduced a new bill, the Banning Surveillance Advertising Act, which would prohibit ad tech companies and other advertisers from engaging in targeted or “surveillance” advertising.  Targeted advertising is defined under the bill as the dissemination of ads based

A new year means new state privacy bills introduced in states across the country.  With two additional states joining California last year with the passage of the Virginia Consumer Data Protection Act and the Colorado Privacy Act, it is likely that more states will join the fray this year in creating a patchwork of comprehensive privacy laws in the United States.

While some states will have these bills under consideration well into the fall, the vast majority of state legislatures will adjourn by early June and thirteen will adjourn before the start of April.

During this early year sprint, there are five general trends that observers will want to keep an eye on in state legislatures.
Continue Reading State Legislative Trends to Watch in 2022