Lindsey Tonsager

Lindsey Tonsager

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the U.S. Congress, and other federal and state regulators on a proactive basis, she has experience helping clients respond to informal investigations and enforcement actions, including by self-regulatory bodies such as the Digital Advertising Alliance and Children’s Advertising Review Unit.

Ms. Tonsager’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, behavioral advertising, e-mail marketing, artificial intelligence the processing of “big data” in the Internet of Things, spectrum policy, online accessibility, compulsory copyright licensing, telecommunications and new technologies.

Ms. Tonsager also conducts privacy and data security diligence in complex corporate transactions and negotiates agreements with third-party service providers to ensure that robust protections are in place to avoid unauthorized access, use, or disclosure of customer data and other types of confidential information. She regularly assists clients in developing clear privacy disclosures and policies―including website and mobile app disclosures, terms of use, and internal social media and privacy-by-design programs.

Subscribe to all posts by Lindsey Tonsager

FTC and Department of Education Announce Joint Workshop on FERPA and COPPA Compliance for Ed Tech

Earlier this week, the Federal Trade Commission and Department of Education announced plans to hold a joint workshop on the application of the Children’s Online Privacy Protection Act (“COPPA”) and the Family Educational Rights and Privacy Act (“FERPA”) to educational technology products and services in the K-12 school environment.  In advance of the workshop, the … Continue Reading

FTC Launches Review of Its Email Marketing Rule

Today the FTC announced that it is undertaking a review of its CAN-SPAM Rule, which sets out the requirements for sending commercial e-mail messages.  Among other things, the CAN-SPAM Rule requires that senders of commercial e-mails provide recipients a mechanism to opt out of receiving commercial e-mails, honor opt-out requests within 10 business days, and include specific disclosures in the … Continue Reading

FTC Staff Publish COPPA Guidance for Businesses

The FTC staff published today a “Six-Step Compliance Plan” for businesses to comply with the Children’s Online Privacy Protection Act (COPPA). The guidance, which provides a useful framework for businesses, states explicitly that COPPA applies to connected toys and other devices that collect personal information from children over the Internet.  The FTC’s 2013 revisions to the COPPA Rule greatly expanded … Continue Reading

California Attorney General Issues Recommendations for Privacy in Ed Tech

On November 2, 2016, California Attorney General Kamala Harris released a report outlining best practices for the education technology industry (“Ed Tech”).  In Ready for School: Recommendations for the Ed Tech Industry to Protect the Privacy of Student Data, Attorney General Harris noted the need to implement robust safeguards for collection, use, and sharing of … Continue Reading

Digital Advertising Alliance Will Begin Enforcing its Cross-Device Guidance February 1, 2017

The Digital Advertising Alliance (DAA), a consortium of the nation’s largest media and marketing associations that has established self-regulatory standards for online behavioral advertising, announced on October 13 that the Council of Better Business Bureaus and the Direct Marketing Association will begin enforcement of the Application of the DAA Principles of Transparency and Control to Data … Continue Reading

FTC’s Jessica Rich Argues IP Addresses and Other Persistent Identifiers Are “Personally Identifiable”

In a blog post published on the Federal Trade Commission (FTC) website, Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, recently stated that: “we regard data as ‘personally identifiable,’ and thus warranting privacy protections, when it can be reasonably linked to a particular person, computer, or device. In many cases, persistent identifiers such as device … Continue Reading

Start With Security: Key Takeaways from the FTC’s Data Security Conference

By Lindsey Tonsager and Megan Rodgers The FTC held its “Start with Security” conference in San Francisco, California, last week, launching an initiative to provide companies with practical resources for implementing effective data security strategies. The event was targeted at tech start-ups and small- and medium-sized businesses, but the panelists included representatives from companies with … Continue Reading

Covington Webinar on the Internet of Things

On Thursday, January 29, Covington’s Global Privacy and Data Security Practice Group will host a webinar on the Internet of Things (IoT).  The webinar will cover the full federal, state, and international legal landscape governing IoT technology. While the Federal Trade Commission (FTC) is expected to release a report soon on privacy issues raised by IoT, the FTC … Continue Reading

FTC Warns Foreign Mobile-App Developer To Comply With COPPA

In late December 2014, the FTC staff sent China-based mobile app developer BabyBus a letter warning the company that several of its apps may violate the FTC’s Children’s Online Privacy Protection Act (COPPA) Rule. Staff alleged that the apps are marketed for young children and “use cartoon characters to teach children letters, counting, shapes, music, … Continue Reading

What the FTC’s Latest COPPA Settlements Mean for Mobile Apps

Making good on its warnings that mobile apps will be an enforcement priority under the revised Children’s Online Privacy Protection Act (“COPPA”) Rule, the FTC has announced two settlements with mobile app developers: TinyCo., the developer of several child-directed mobile apps, will pay $300,000 to settle charges that it violated COPPA by collecting children’s email addresses through its mobile app … Continue Reading

FTC Staff Updates COPPA FAQs on Verifiable Parental Consent Methods

The FTC staff has posted revisions to three Frequently Asked Questions (“FAQs”) related to obtaining verifiable parental consent under its COPPA Rule. For a comparison of the old and new FAQs, click here. Although the changes (which include a new FAQ H.16) may appear substantial, they mostly reaffirm the FTC’s longstanding position that the agency’s … Continue Reading

FTC Denies First Request For More Flexible Parental Consent Methods

The FTC has denied AssertID’s request to recognize a new method for obtaining verifiable parental consent for the online collection, use, and disclosure of personal information from children under 13.  The application was the first of its kind to be filed since the FTC added a voluntary parental consent approval process to its revised rule implementing … Continue Reading

FTC Releases Agenda for November 19th “Internet of Things” Workshop

The FTC has announced its agenda and panelists for its workshop on connected devices, which will be held on November 19, 2013. The workshop will focus on three industries that increasingly rely on the Internet of Things: (1) homes equipped with “smart” home appliances and connected devices; (2) health and fitness devices that transmit data … Continue Reading

FTC Reminds Mobile App Developers To Comply With Revised Children’s Privacy Requirements By July 1

The Federal Trade Commission has sent letters to more than 90 different companies who develop mobile apps that the FTC claims may be directed to children.  The letters emphasize that the FTC has not evaluated the apps or the companies’ practices to determine if they comply with the current or revised COPPA Rule.  Instead, the letters remind these … Continue Reading

FTC’s Current Enforcement Priorities: Infographic

Speaking at a seminar hosted by the International Association of Privacy Professionals, Assistant Director Chris Olsen and Senior Attorney Peder Magee, both of the Federal Trade Commission’s Division of Privacy and Identity Protection, provided a useful overview of the FTC’s recent enforcement actions and current enforcement priorities.  Based on this discussion, the following infographic identifies the … Continue Reading

FTC Releases Revised COPPA FAQs: Here’s What’s New

The Federal Trade Commission has released its much anticipated revised COPPA FAQs.  Although these FAQs are not legally binding, they provide informal guidance to industry on staff’s interpretations of the COPPA Rule.  For the most part, the FAQs reiterate past guidance and emphasize key provisions of the new COPPA Rule and its Statement of Basis and Purpose.  However, here are 5 key things that the revised … Continue Reading

Covington Event: Insurance Coverage for Employment-Related Liabilities

Employees’ use of social media and other online services in their professional and personal lives has increased the risk of an employee bringing claims against a current or former employer.  In the past three years, for example, employers have had to defend against claims related to ownership of social media accounts used by former employees … Continue Reading

5 Privacy and Data Security Measures That Can Protect Your Company Against Trade Secret Theft

At a recent forum in New York, a team of Covington lawyers addressed the growing concern among companies that their most valuable assets could leave the building on a thumb drive in an employee’s pocket or be disclosed through an employee’s use of a social media site.  Addressing this threat involves many disciplines beyond trade … Continue Reading

FTC Settles Deception, COPPA Charges Against Social Networking App Path

Path, a social networking mobile app, has agreed to enter into a settlement with the Federal Trade Commission (“FTC”) regarding charges that the company deceived consumers by collecting contact information from users’ mobile address books without notice and consent.  The agreement also resolves charges that the company violated the Children’s Online Privacy Protection Act (“COPPA”) … Continue Reading

FTC Adopts Final COPPA Rule: What Businesses Should Know

The Federal Trade Commission has released its revised final rule implementing the Children’s Online Privacy Protection Act (“COPPA”), which governs (1) operators of websites and online services that are directed to children under the age of 13 and (2) operators of general audience websites or online services that have actual knowledge that a user is … Continue Reading

FTC Releases Second Report on Mobile Apps Directed To Children

The Federal Trade Commission released today its second report on mobile apps directed to children.  The report, which follows up on an analysis that staff conducted in February 2012, examined the privacy disclosures of hundreds of kid-directed mobile apps and tested the apps’ practices against these disclosures to determine if the disclosures were accurate and complete.   Staff found the results … Continue Reading

Court Approves $22.5 Million Google Settlement

A U.S. district court has approved the Federal Trade Commission’s $22.5 million settlement with Google.  The FTC had charged that Google misrepresented to users of Apple’s Safari browser that it would not place tracking cookies or serve targeted ads to those users, violating an earlier privacy settlement between the company and the FTC.  The settlement is … Continue Reading

NLRB Finds DISH Network Social Media Policy Unlawful

The National Labor Relations Board (NLRB) continues to be active in considering whether companies’ social media policies run afoul of U.S. labor laws.  In the latest decision implementing the approach reflected in a series of NLRB reports analyzing employer social media policies under the National Labor Relations Act (NLRA), an administrative law judge found that it is impermissible … Continue Reading
LexBlog