Overview

We help companies involved in the advertising technology (AdTech) marketplace handle matters related to data privacy and consumer protection under federal and state laws, including assisting with government investigations and inquiries. Our cross-disciplinary team includes former Federal Trade Commission (FTC) officials and seasoned privacy attorneys who advise on compliance and contractual approaches to deal with federal, state, and international privacy and data laws.

We advise digital platforms, advertisers, and AdTech intermediaries on a range of matters including compliance with the ever-changing patchwork of privacy and data transfer laws, transactional due diligence and negotiation, and government investigations. Our team has deep expertise advising on compliance with state, federal, and foreign privacy laws, drafting contractual clauses to meet EU General Data Protection Regulation (GDPR) standards for cross-border data flows, and spotting issues in mergers and transactions that could lead to successor liability – such as undisclosed consent violations, hidden tracking technology liabilities, cross-border data transfer gaps, and third-party vendor compliance risks that could result in significant penalties or operational restrictions post-closing. To help clients prepare ahead of time for changes in the law, we also work with our policy advisors to monitor pending legislation.

State Consumer Privacy Laws

Numerous states’ privacy laws impose requirements on companies engaged in digital advertising, including laws related to data broker activity. We advise companies ranging from publicly traded firms to startups on navigating this patchwork of state laws. This includes obligations triggered by the use of tracking technologies – small pieces of code that collect user data and share it with third-party platforms for advertising purposes. We also advise on requirements for providing notice and opt-outs; data collection and consent; and using, processing, and transferring sensitive data, including through software development kits (SDKs).

State and Federal Consumer Protection Laws

We advise clients on compliance with the FTC Act’s prohibition on unfair and deceptive acts and practices (UDAP), as well as analogous state unfair competition and trade practices statutes, or “mini-FTC Acts.” Our team of former senior FTC officials and privacy experts understands what can trigger regulatory scrutiny and how to minimize litigation risk. In the AdTech space, these laws are often applied in reviewing transfers of sensitive consumer data.

Children’s Privacy Laws

Protecting children online, including from targeted advertising, is a key priority for a wide array of state and federal regulators. We work with businesses to create products and services that comply with the Children’s Online Privacy Protection Act (COPPA) as well as state laws that regulate targeted advertising directed to minors.

Digital Health Care, Health, and Biometric Privacy Laws

The regulatory landscape for health privacy presents numerous challenges for companies. State data privacy laws like Washington's My Health My Data Act (MHMD) and the Illinois Biometric Information Privacy Act (BIPA) not only impose substantive obligations but also include a private right of action. Additionally, the FTC has enforced and amended its Health Breach Notification Rule (HBNR) in recent years, after many years of dormancy. Despite adopting the rule in 2009, the FTC brought its first enforcement action under the rule in 2023, reflecting renewed regulatory focus on the growing use of health apps and connected devices that collect consumer health data outside of HIPAA's protections.

Data Broker Laws

We advise on emerging state data broker laws that impose obligations on companies that collect, sell, or transfer consumer data. We also counsel companies on compliance with new federal regulatory frameworks:

  • The U.S. Department of Justice’s Bulk U.S. Sensitive Personal Data Rule restricts certain types of data brokerage and data transfers involving individuals or entities linked to “countries of concern” (including China).
  • The Protecting Americans’ Data From Foreign Adversaries Act (PADFA), which is enforced by the FTC, prohibits data brokers from selling, licensing, disclosing, or transferring personally identifiable sensitive data of U.S. citizens to certain countries as well.

We help companies understand which of these laws apply to them and build out compliance approaches that are scalable, defensible, and responsive to evolving legal requirements.

Representative Matters in AdTech and Privacy Compliance

  • Provide advice for digital advertising platforms on compliance with the FTC Act and other ad tech laws.
  • Counsel gaming platforms on U.S. data privacy laws.
  • Advise health tech apps on compliance with HIPAA and other privacy laws.
  • Advise clients on advertising requirements to comply with state privacy laws and the GDPR.
  • Counsel clients on compliance with COPPA.
  • Advise clients on FTC and state laws concerning promotions, contests, and sweepstakes, including promotions with user-generated content.
  • Guide clients on regulators’ increasing focus on transfers of sensitive data, such as health information, precise geolocation data, and biometrics.
  • Advise companies on contractual provisions regarding personal data transfers for digital advertising, including assessing regulatory risks.

Representative Matters in AdTech Investigations

  • Negotiated settlement of FTC matter regarding geolocation data transfers
  • Represent companies in state investigations and private litigation regarding personal data transfers.
  • Successfully represented cutting-edge technology companies in FTC inquiries where investigations were ultimately closed.
  • Handle all aspects of FTC and state attorney general investigations, including responses to Civil Investigative Demands and subpoenas, advocacy with staff, and meetings with agency leadership.
  • Experience in managing FTC investigations of digital advertising campaigns and online platforms’ advertising and marketing practices, including multi-state investigations.

Contact Us

Duane C. Pozza
202.719.4533 | dpozza@wiley.law

Joan Stewart
202.719.7438 | jstewart@wiley.law

View all practice area professionals >

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek