Photo of Lindsey Tonsager

Lindsey Tonsager

Lindsey Tonsager is a recognized leader in representing companies before federal and state regulators, and is renowned for advising on minor protection, AI, and state comprehensive privacy laws.

Lindsey chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and State Attorneys General on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence; data processing for robotics, autonomous vehicles, and other connected devices; biometrics; online advertising; the collection of personal information from children, teens, and students online; e-mail marketing; disclosures of video viewing information; and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.

Last month, the Illinois Department of Human Rights (“IDHR”) released draft regulations addressing employers’ use of AI in employment decisions and invited public comment. The IDHR will hold a hearing on the draft regulations on June 10, and the public comment period will close on June 29.

Background

HB

Continue Reading Illinois Department of Human Rights Seeks Public Comment on Draft AI Employment Regulations

On May 27, the Connecticut governor signed SB 4, an omnibus privacy law, followed a week later by two clean-up bills, HB 5222 and HB 5563 (collectively “SB 4”). SB 4, among other things, amends the Connecticut Data Privacy Act (“CTDPA”), establishes a data broker registry and accessible deletion mechanism, imposes restrictions on surveillance pricing, and creates requirements for direct-to-consumer genetic testing companies.

Continue Reading Connecticut Enacts Omnibus Privacy Law

On April 28, 2026, Maryland Governor Moore signed HB 895 (the Protection From Predatory Pricing Act) into law, which will impose limitations on the use of personalized pricing in the food retail and grocery delivery context.  The law will go into effect on October 1, 2026.  As we have detailed in prior blog posts, there has been a wave of personalized pricing proposals at the state level, and the FTC is focusing attention on pricing in the grocery sector.

Continue Reading Maryland Enacts Law on Personalized Food Pricing

The Federal Trade Commission (FTC) announced a settlement with dating app operator OkCupid and its affiliate Match Group Americas (Match), resolving allegations that the company had violated Section 5 of the FTC Act by sharing users’ personal information with a third party in a manner that was not disclosed in

Continue Reading FTC Alleges OkCupid Data Sharing Amounted to a Deceptive Practice

U.S. state lawmakers have introduced more than 40 bills across at least 24 states to regulate personalized algorithmic pricing in 2026 thus far, already outpacing the number of personalized algorithmic pricing bills introduced in all of 2025.  While their definitions and scope vary, the 2026 bills broadly refer to “personalized

Continue Reading State Lawmakers Introduce New Wave of Personalized Algorithmic Pricing Bills

On February 27, 2026, CalPrivacy and PlayOn settled a CCPA claim for $1.1 million. PlayOn is a digital ticketing platform used by schools and other organizations for ticketing, streaming, fundraising, concessions, merchandise sales, and website management. The settlement resolves allegations that PlayOn unlawfully “sold” and “shared” users’ personal information without providing sufficient opt-outs and notice, in violation of the CCPA. This marks the agency’s first enforcement action involving students’ data privacy.

Continue Reading CalPrivacy Fines PlayOn Sports for Insufficient Opt-Out Process

The Connecticut Office of the Attorney General (“OAG”) issued an updated Enforcement Report (“Enforcement Report”) under the Connecticut Data Privacy Act (“CTDPA”). The Enforcement Report discusses the OAG’s enforcement actions in 2025 and suggests some areas of focus from the regulator, summarized below.

Continue Reading Connecticut Attorney General Releases 2025 CTDPA Enforcement Report

On his last day in office, January 20, 2026, former New Jersey Governor Phil Murphy signed an amendment to the New Jersey Data Privacy Act, A5017. The bill amends the state’s comprehensive privacy law to add new data- and entity-level exemptions and to expand the definition of de-identified data. The amendment took effect immediately.

Continue Reading New Jersey Enacts Amendment to its Comprehensive Privacy Law