Photo of Lindsey Tonsager

Lindsey Tonsager

Lindsey Tonsager is a recognized leader in representing companies before federal and state regulators, and is renowned for advising on minor protection, AI, and state comprehensive privacy laws.

Lindsey chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and State Attorneys General on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence; data processing for robotics, autonomous vehicles, and other connected devices; biometrics; online advertising; the collection of personal information from children, teens, and students online; e-mail marketing; disclosures of video viewing information; and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.

Contact:Read more about Lindsey TonsagerEmail

Last week, Senators Richard Blumenthal (D-CT) and Marsha Blackburn (R-TN) introduced the bipartisan Kids Online Safety Act (“KOSA”), which would impose new safeguards, tools, and transparency requirements for minors online.  The bill applies to entities that are a “commercial software application or electronic service that connects to the internet and
Continue Reading U.S. Congress Introduces Kids Online Safety Act

Last week the California Privacy Protection Agency (“CPPA”) held its sixth Board meeting and first meeting of 2022.  The meeting notably included a discussion of the expected timing for issuing final regulations implementing the California Privacy Rights Act.
Continue Reading California Privacy Protection Agency Clarifies Timing of Forthcoming CPRA Regulations

Early last week, Senator Cory Booker (D-NJ) and Congresswomen Anna Eshoo (D-CA) and Jan Schakowsky (D-IL) introduced a new bill, the Banning Surveillance Advertising Act, which would prohibit ad tech companies and other advertisers from engaging in targeted or “surveillance” advertising.  Targeted advertising is defined under the bill as
Continue Reading Congressional Democrats Introduce New Bill Banning Targeted Advertising

A new year means new state privacy bills introduced in states across the country.  With two additional states joining California last year with the passage of the Virginia Consumer Data Protection Act and the Colorado Privacy Act, it is likely that more states will join the fray this year in creating a patchwork of comprehensive privacy laws in the United States.

While some states will have these bills under consideration well into the fall, the vast majority of state legislatures will adjourn by early June and thirteen will adjourn before the start of April.

During this early year sprint, there are five general trends that observers will want to keep an eye on in state legislatures.
Continue Reading State Legislative Trends to Watch in 2022

The Virginia Consumer Data Protection Act (“VCDPA”) Work Group has issued its 2021 Final Report. The final report, which is based on the six Work Group meetings between June and October 2021, summarizes information presented at the meetings on topics such as enforcement, definitions and rulemaking authority, as well as consumer rights and education.  We summarize some of the comments below.
Continue Reading Virginia Consumer Data Protection Act Work Group Issues Final Report

The California Privacy Protection Agency refreshed its invitation for public comments on the California Privacy Rights Act regulations. It clarified that commenters can comment on the enumerated topics we discussed here or any others. The deadline for the comments is November 8, 2021.
Continue Reading All CPRA Comments due November 8, 2021

The California Privacy Protection Agency (CPPA), which is responsible for issuing regulations implementing the California Privacy Rights Act (CPRA), has posted its approved discussion draft for seeking public comments in preparation for its CPRA rulemaking activities.  The CPPA indicated that it is particularly interested in receiving comments on the following eight topics:
Continue Reading California Privacy Protection Agency Seeks Comments on Preliminary CPRA Issues

To add to the growing number of bills that would amend or revoke Section 230 of the Communications Decency Act, last month Senator Amy Klobuchar (D-MN) introduced the Health Misinformation Act of 2021 (S.2448).  Senator Ben Lujan (D-NM) cosponsored the bill.

The bill would amend Section 230 to
Continue Reading New Bill Would Revoke Section 230 Liability Protection for “Health Misinformation” Promoted During Public Health Emergencies

Yesterday, Rep. Kathy Castor (D-FL) introduced an updated version of the “Protecting the Information of our Vulnerable Children and Youth Act” (Kids PRIVCY Act), which would make broad changes the Children’s Online Privacy Protection Act (COPPA).  Rep. Castor introduced a similar bill in early 2020, but it stalled alongside other proposals to overhaul the federal children’s privacy law last year.
Continue Reading Rep. Castor Reintroduces Bill to Rewrite the Children’s Online Privacy Protection Act