Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to helping clients engage strategically with the Federal Trade Commission, the U.S. Congress, and other federal and state regulators on a proactive basis, she has experience helping clients respond to informal investigations and enforcement actions, including by self-regulatory bodies such as the Digital Advertising Alliance and Children’s Advertising Review Unit.

Ms. Tonsager’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, behavioral advertising, e-mail marketing, artificial intelligence, the processing of “big data” in the Internet of Things, spectrum policy, online accessibility, compulsory copyright licensing, telecommunications and new technologies.

Ms. Tonsager also conducts privacy and data security diligence in complex corporate transactions and negotiates agreements with third-party service providers to ensure that robust protections are in place to avoid unauthorized access, use, or disclosure of customer data and other types of confidential information. She regularly assists clients in developing clear privacy disclosures and policies―including website and mobile app disclosures, terms of use, and internal social media and privacy-by-design programs.

On July 17, 2020, the High-Level Expert Group on Artificial Intelligence set up by the European Commission (“AI HLEG”) published The Assessment List for Trustworthy Artificial Intelligence (“Assessment List”). The purpose of the Assessment List is to help companies identify the risks of AI systems they develop, deploy or procure, and implement appropriate measures to mitigate those risks.

The Assessment List is not mandatory, and there isn’t yet a self-certification scheme or other formal framework built around it that would enable companies to signal their adherence to it.  The AI HLEG notes that the Assessment List should be used flexibly; organizations can add or ignore elements as they see fit, taking into consideration the sector in which they operate. As we’ve discussed in our previous blog post, the European Commission is currently developing policies and legislative proposals relating to trustworthy AI, and it is possible that the Assessment List may influence the Commission’s thinking on how organizations should operationalize requirements relating to this topic.


Last week, Senators Amy Klobuchar (D-MN) and Lisa Murkowski (R-AK) introduced the Protecting Personal Health Data Act (S. 1842), which would provide new privacy and security rules from the Department of Health and Human Services (“HHS”) for technologies that collect personal health data, such as wearable fitness trackers, social-media sites focused on health data or conditions, and direct-to-consumer genetic testing services, among other technologies.  Specifically, the legislation would direct the HHS Secretary to issue regulations relating to the privacy and security of health-related consumer devices, services, applications, and software. These new regulations will also cover a new category of personal health data that is otherwise not protected health information under HIPAA.

The Federal Communications Commission received over 300 comments from the public regarding its proposals to allow broadcast television stations to voluntarily participate in an auction of their spectrum to mobile broadband providers and to involuntarily repack remaining television stations into a smaller television spectrum band.  Broadcast television station groups, individual stations, mobile broadband providers, wireless microphone operators, proponents of unlicensed spectrum uses, equipment manufacturers, radio astronomers, wireless medical device makers, and a variety of trade associations weighed in on the Commission’s proposals.  There was significant disagreement on a number of the FCC’s proposals — including the extent to which viewers’ existing television services should be preserved in the repacking, the timeframe to complete the repacking, and how to address wireless microphones and unlicensed uses in the spectrum band.  However, at least three key areas of general industry agreement emerged:

The Federal Communications Commission published a reminder to service providers and equipment manufacturers that provide advanced communications services — such as e-mail, instant messaging, Voice over Internet Protocol, and interoperable video conferencing services — or telecommunications services that are subject to Section 255 of the Communications Act to begin maintaining records by January 30, 2013 of the efforts they take to make their services and equipment accessible.

Path, a social networking mobile app, has agreed to enter into a settlement with the Federal Trade Commission (“FTC”) regarding charges that the company deceived consumers by collecting contact information from users’ mobile address books without notice and consent.  The agreement also resolves charges that the company violated the Children’s Online Privacy Protection Act (“COPPA”) by collecting personal information from children under 13 years old without parental notice and consent.  Path did not admit any liability by entering into the consent decree, which is for settlement purposes only.

The FTC alleged that the Path application included an “Add Friends” feature that allowed users to make new connections within the app.  Users were given three options when using the “Add Friends” functionality:  “Find friends from your contacts,” “Find Friends from Facebook,” or “Invite friends to join Path by email or SMS.”  Regardless of which option was chosen, Path automatically collected and stored contact information from the address book on the user’s mobile phone.  The FTC argued that this practice was contrary to representations made in the company’s privacy policy that only certain technical information, such as IP address, browser type, and site activity information, was automatically collected from the user.  Under the settlement, Path agreed to implement a comprehensive privacy program and obtain biennial, independent privacy assessments for the next twenty years.

This week the United Kingdom completed its five-year transition from analog to digital broadcast television operations.  The switch to digital has allowed broadcasters in the UK to offer more channels and high-definition television services to the public.  In addition, the transition freed up spectrum that the UK government will auction for fourth generation (4G) mobile broadband services in the upcoming year. 

The Federal Communications Commission (“FCC”) has requested comments on a Petition for Reconsideration concerning the FCC’s commercial volume rules.  These rules, which implement the 2010 Commercial Advertisement Loudness Mitigation (“CALM”) Act, require television broadcasters, digital cable operators, and other digital multichannel video programming distributors to follow a technical standard that is designed to prevent television 

By Lindsey Tonsager and Shel Abramson

Earlier this morning, the FTC proposed additional revisions to the rule implementing the Children’s Online Privacy Protection Act (“COPPA”).  COPPA governs the online collection, use, and disclosure of children’s personal information by (1) operators of websites and online services that are directed to children under the age of 13