Privacy and Security related image, digital thumbprint

Privacy Regulatory Investigations & Enforcement

Companies face rigorous scrutiny of their privacy, data security, and artificial intelligence (AI) practices from federal, state, and foreign regulators with expanding mandates and willingness to aggressively use their investigative and remedial powers.

Perkins Coie has handled some of the highest profile privacy, data security, and consumer protection investigations and enforcement actions initiated by the Federal Trade Commission (FTC), state attorneys general, local regulators, and foreign data protection authorities. Businesses from large multinationals to startups rely on Perkins Coie for our knowledge and skill, our tenacity, and our deep bench, including lawyers with experience as former FTC officials, in state attorneys general offices, and with other federal and state regulatory bodies.

Our lawyers represent clients in all stages of governmental investigations. We are well-versed in the dynamics of multistate attorneys general investigations and in serving as global coordinating counsel in investigations spanning U.S. and foreign regulators. Our lawyers also defend clients in litigation when government authorities file enforcement actions in court or in administrative tribunals.

When investigations end with compliance orders, we help companies create and manage compliance programs, obtain any required third-party assessments, and defend inquiries into compliance with such orders. We also advocate for clients in formal and informal congressional investigations and on public policy issues, such as agency rulemakings and in connection with legislative activity.

How we help clients

Cybersecurity incidents and data security practices
Children's Online Privacy Protection Act (COPPA) and other children's privacy and online safety issues
Artificial intelligence
Cookies/web tracker technologies, geolocation and other sensitive data issues, Do Not Sell requirements, and sufficiency of privacy notices and privacy rights under state comprehensive consumer privacy laws
Biometric technologies
Internet of Things (loT) and connected device privacy and security
Fair Credit Reporting Act (FCRA), Gramm-Leach Bliley Act (GLBA), and other financial privacy issues
Online and mobile advertising practices
Advertising substantiation, false advertising, and marketing issues

Our Team

View full team

Janis Kestenbaum

Partner

JKestenbaum@perkinscoie.com

Notice

Before proceeding, please note: If you are not a current client of Perkins Coie, please do not include any information in this e-mail that you or someone else considers to be of a confidential or secret nature. Perkins Coie has no duty to keep confidential any of the information you provide. Neither the transmission nor receipt of your information is considered a request for legal advice, securing or retaining a lawyer. An attorney-client relationship with Perkins Coie or any lawyer at Perkins Coie is not established until and unless Perkins Coie agrees to such a relationship as memorialized in a separate writing.

Rebecca S. Engrav

Partner

REngrav@perkinscoie.com

Notice

206.359.6168

Insights

More insights

metal justice statue with sky in background in Frankfurt am Main, Germany

Blog

April 29, 2025

Professional Experience

We have represented clients in more than 100 governmental inquiries regarding privacy, data security, and artificial intelligence. Representative examples of our work include:

Represented a leading technology company in investigations by the FTC, Congress, state attorneys general, local governmental bodies, and foreign data protection authorities regarding a data security incident and defended the company in litigation filed by state and local government authorities. Negotiated resolution or closure of all matters, including a settlement with 51 state attorneys general.
Represented a major technology company in an extensive FTC investigation regarding child online safety issues from use of Al for selection and filtering of user-generated content, as well as COPPA issues. Obtained closure of the investigation without enforcement action.
Represented an educational technology provider in an FTC investigation regarding the use of Al and biometric technology, data security and data retention practices, and COPPA compliance. Obtained closure of the investigation without enforcement action.
Represented an AI startup in an FTC investigation regarding the accuracy and lawfulness of the company’s marketing claims regarding the technical features and abilities of its product. Obtained closure of the investigation without enforcement action.
Represented an online consumer service in FTC inquiry regarding the use of consumer content for AI model training.
Represented an AI transcription service in responding to an inquiry from the California attorney general’s office. The government took no further action.
Defended the operator of a mobile app store in a lawsuit brought by the FTC in federal district court regarding in-app charges in mobile apps geared toward children. Persuaded the court to deny all requested injunctive relief.
Represented one of the world's largest device manufacturers in an investigation by the FTC and a coalition of 32 state attorneys general regarding privacy and data security issues in software installed on consumer devices. Negotiated settlements resolving all claims of both the FTC and the state attorneys general.
Represented multiple online consumer services in responding to inquiries from the California attorney general’s office regarding compliance with the California Consumer Protection Act (CCPA), including issues such as Do Not Sell, cookie/web tracker practices, privacy notices, and privacy rights.
Represented multiple online consumer services in responding to inquiries from the Texas attorney general’s office regarding compliance with the Texas Data Privacy and Security Act (TDPSA), including issues such as collection of sensitive data, sharing of data, privacy notices, and privacy rights.
Represented a social media platform in inquiry from Texas attorney general’s office into content moderation and deplatforming practices and decisions.
Represented multiple online consumer services in responding to inquiries from the Connecticut attorney general’s office regarding compliance with the Connecticut Data Privacy Act.
Represented an online consumer content service and an online gaming platform in response to subpoenas from the New York attorney general’s office regarding COPPA, content moderation, AI, and advertising issues.
Represented an app developer in an FTC investigation into the collection, use, and disclosure of geolocation information, including the de-identification of such information, and application programming interface (APl)-sharing practices. Obtained closure of the investigation without enforcement action.
Represented multiple retailers in responding to inquiries from the New York attorney general’s office regarding cookie/web tracker technologies.
Represented a leading online advertising platform in response to investigation from the Massachusetts attorney general’s office regarding advertising for sensitive topics.
Represented an interactive technology provider in FTC investigation regarding COPPA and data security issues for a connected device that leveraged Al and was marketed to children. Persuaded the agency not to require any response to its civil investigative demand (CID) following presentations to the agency and obtained closure of the investigation without enforcement action.
Represented a leading technology company following a high-profile privacy issue in an FTC investigation regarding whether user information had been shared with third parties or made public outside the scope of the original notice and consent. Resolved the FTC's allegations through a groundbreaking consent order that was the first to require a comprehensive privacy program, as well as the first FTC settlement of allegations of substantive violations of a cross-border transfer arrangement.
Represented an online consumer service in an FTC industry study concerning the data collection and use practices of social media and video streaming services, including with respect to teens and children.
Represented a consumer review platform in an FTC investigation concerning the adequacy of disclosures. Obtained closure of investigation without enforcement action.

Privacy Regulatory Investigations & Enforcement

How we help clients

Our Team

Janis Kestenbaum

Notice

Rebecca S. Engrav

Notice

Insights

DOJ’s Bulk Personal Data Rule Becomes Effective–Resources for Compliance

Privacy Law Recap 2024: Data Security

Privacy Law Recap 2024: Data Security

Professional Experience

We have represented clients in more than 100 governmental inquiries regarding privacy, data security, and artificial intelligence. Representative examples of our work include: