Photo of Lindsey Tonsager

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the U.S. Congress, and other federal and state regulators on a proactive basis, she has experience helping clients respond to informal investigations and enforcement actions, including by self-regulatory bodies such as the Digital Advertising Alliance and Children’s Advertising Review Unit.

Ms. Tonsager’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, behavioral advertising, e-mail marketing, artificial intelligence the processing of “big data” in the Internet of Things, spectrum policy, online accessibility, compulsory copyright licensing, telecommunications and new technologies.

Ms. Tonsager also conducts privacy and data security diligence in complex corporate transactions and negotiates agreements with third-party service providers to ensure that robust protections are in place to avoid unauthorized access, use, or disclosure of customer data and other types of confidential information. She regularly assists clients in developing clear privacy disclosures and policies―including website and mobile app disclosures, terms of use, and internal social media and privacy-by-design programs.

Colorado is poised to join the growing number of states enacting a comprehensive privacy law.  On Monday, June 7, both houses of the legislature passed the Colorado Privacy Act.  The bill will now be sent to the Governor for approval. 
Continue Reading Colorado Legislature Passes Comprehensive Consumer Privacy Bill

This week, Senators Ed Markey (D-Mass.) and Bill Cassidy (R-La.) introduced the Children and Teens’ Online Privacy Protection Act, which would update the Children’s Online Privacy Protection Act (COPPA).  COPPA is the comprehensive federal children’s privacy law enacted in 1998 that regulates the collection, use, and disclosure of personal information online from children under 13.
Continue Reading Senators Markey and Cassidy Introduce Bill to Update the Children’s Online Privacy Protection Act

The five members of the California Privacy Protection Agency (“CPPA”) were announced today.  The members – who were appointed by Governor Newsom, Attorney General Becerra, Senate President pro Tempore Atkins, and Assembly Speaker Rendon – will lead the new agency, which will have rulemaking and enforcement authority under the California Privacy Rights Act (“CPRA”).
Continue Reading Members of the California Privacy Protection Agency Announced

Several states have proposed new privacy bills since their sessions began.  Some of the proposed bills carry over or re-introduce bills drafted in previous legislative sessions, while others are introducing firstin-time omnibus privacy bills.  In the high-level chart below, we compare five of the key state privacy frameworks: the CPRA, VCDPA (which we blogged about here), the NYPA, the general privacy provisions of the Washington Privacy Act, and the newly introduced Washington People’s Privacy Act (HB 1433)

Continue Reading 2021 State Privacy Legislation Roundup: California, Virginia, New York, and Washington

On January 7, the Federal Trade Commission (“FTC”) reached a proposed settlement with Tapjoy, a California-based company that operates an advertising platform within mobile gaming applications.  According to its complaint, the FTC alleges that Tapjoy deceived consumers by failing to provide in-game rewards it promised for completing actions associated with third-party advertisements.
Continue Reading FTC Reaches Settlement with Tapjoy for Allegedly Deceiving Consumers About In-Game Rewards

Washington State Hearing on Latest Privacy Bill Highlights Competing Interests For Best Practices and Data Minimization 

On January 14, 2020, Washington’s State Senate Committee on Environment, Energy & Technology received public testimony about Senate Bill 5062, the “Washington Privacy Act.”  Representatives from trade associations, the Attorney General’s Office, and civil rights groups offered recommendations to eliminate perceived loopholes and clarify bill provisions.

This post highlights recurring issues from the public hearing.
Continue Reading Washington State Hearing on Latest Privacy Bill Highlights Competing Interests For Best Practices and Data Minimization

Judge Freeman of the U.S. District Court for the Northern District of California dismissed a class action against Google and several YouTube channel owners alleging various violations under California state law.  Plaintiffs alleged Defendants infringed their children’s privacy and consumer rights by collecting personal information and delivering targeted advertisements while they viewed child-directed YouTube videos.  However, the court found that Plaintiffs’ claims were expressly preempted by the federal Children’s Online Privacy Protection Act (“COPPA”), and dismissed the case with leave to amend.
Continue Reading California District Court Tosses Kids’ Data Collection Suit, Finds COPPA Preempts State Law

Last year, Californians passed proposition 24, also known as the California Privacy Rights Act (“CPRA”). That law makes several changes to the California Consumer Privacy Act (“CCPA”), including some that relate to an organization’s cybersecurity practices.
Continue Reading Four Key Cyber Takeaways from The CPRA

Yesterday, the California Attorney General (“AG”) proposed a fourth set of modifications to the California Consumer Privacy Act regulations. These modifications build on the third set of proposed regulations released by the AG in October, which we discussed here. Interested parties have until December 28 to submit comments in response.
Continue Reading California Attorney General Releases Fourth Set of Proposed Modifications to California Consumer Privacy Act Regulations