Privacy Regulatory Investigations & Enforcement
We have represented clients in over 100 governmental inquiries.
Companies face rigorous scrutiny of their privacy and data security practices from a growing number of federal, state, and foreign regulators with ever-expanding mandates and increasingly aggressive use of investigative and remedial powers.
Perkins Coie handles some of the highest profile privacy, data security, and consumer protection investigations and enforcement actions initiated by the Federal Trade Commission (FTC), state attorneys general, local regulators, and foreign data protection authorities. Our clients rely on us for our knowledge and deep bench, including attorneys with experience as former officials of the FTC, state attorneys general offices, and other federal and state regulatory bodies.
Our lawyers represent clients in all stages of investigations. We are well-versed in the dynamics of multistate attorneys general investigations and in serving as global coordinating counsel in investigations spanning U.S. and foreign regulators. Our lawyers also defend clients in litigation when government authorities file enforcement actions in court or in administrative tribunals. When investigations end with compliance orders, we help companies create and manage compliance programs, obtain any required third-party assessments, and defend inquiries into compliance with such orders. We also advocate for clients in formal and informal congressional investigations as well as on public policy issues, such as in agency rulemakings and in connection with legislative activity.
Companies in a wide array of industries, ranging from startups to some of the world’s largest corporations, trust Perkins Coie to defend them in these matters. In all our work, we bring to bear a powerful blend of substantive privacy and security expertise, facility with technology, ability to work efficiently with engineers and business people, and tenacity in fighting for our clients.
How we help clients
- Cybersecurity incidents and data security practices.
- Children’s Online Privacy Protection Act (COPPA) and other children’s privacy issues.
- Artificial intelligence and machine learning (AI/ML) and biometric technologies.
- Internet of Things (IoT) and connected device privacy and security.
- Fair Credit Reporting Act (FCRA), Gramm-Leach Bliley Act (GLBA), and other financial privacy issues.
- Online and mobile advertising practices.
- State privacy laws such as the California Consumer Privacy Act (CCPA).
Our Team
Professional Experience
We have represented clients in over 100 governmental inquiries regarding privacy, security, and AI/ML. Representative examples of our work include:
- Represented a leading technology company in investigations by the FTC, Congress, state attorneys general, local governmental bodies, and foreign data protection authorities regarding a data security incident and defended the company in litigation filed by state and local government authorities. Negotiated resolution or closure of all matters, including a settlement with 51 state attorneys general.
- Represented an educational technology provider in an FTC investigation regarding the use of AI and biometric technology, data security and data retention practices, and COPPA compliance. Obtained closure of the investigation without enforcement action.
- Represented a major technology company in an extensive FTC investigation regarding the use of AI/ML for selection and filtering of user-generated content, as well as COPPA issues. Obtained closure of the investigation without enforcement action.
- Defended the operator of a mobile app store in a lawsuit brought by the FTC in federal district court regarding in-app charges in mobile apps geared toward children. Persuaded the court to deny all requested injunctive relief.
- Represented one of the world’s largest device manufacturers in an investigation by the FTC and a coalition of 32 state attorneys general regarding privacy and data security issues in software installed on consumer devices. Negotiated settlements resolving all claims of both the FTC and the state attorneys general.
- Represented an app developer in an FTC investigation into the collection, use, and disclosure of geolocation information, including the de-identification of such information, and application programming interface (API)-sharing practices. Obtained closure of the investigation without enforcement action.
- Represented interactive technology provider in FTC investigation regarding COPPA and data security issues for a connected device that leveraged AI/ML and was marketed to children. Persuaded the agency not to require any response to its civil investigative demand (CID) following presentations to the agency and obtained closure of the investigation without enforcement action.
- Represented a leading technology company following a high-profile privacy issue in an FTC investigation regarding whether user information had been shared with third parties or made public outside the scope of the original notice and consent. Resolved the FTC’s allegations through a groundbreaking consent order that was the first to require a comprehensive privacy program and also the first FTC settlement of allegations of substantive violations of a cross-border transfer arrangement.
- Represented numerous companies in responding to inquiries from the California attorney general’s office under the California Consumer Privacy Act (CCPA).