Use of AI Call Center Without Consent Not a Federal Wiretap Violation, Court Holds
As businesses increasingly deploy AI-powered call centers to streamline customer service, plaintiffs have turned to decades-old wiretapping laws to challenge these tools. In a recent decision, however, an Illinois federal district court held that use of an AI call analysis platform without caller consent does not violate the federal Wiretap Act because it falls within the statute’s ordinary course of business exception. Lisota v. Heartland Dental, LLC, 2026 WL 91667, at *6 (N.D. Ill. Jan. 13, 2026).
Kathryn Cahoy
Kate Cahoy co-chairs the firm’s Class Action Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. A highly skilled litigator, she defends clients in complex, high-stakes class action disputes, securing significant victories across various industries, including technology, entertainment, consumer products, and financial services. Kate also plays a key role in the firm’s mass arbitration defense practice. She regularly advises companies on the risks associated with mass arbitration and has a proven track record of successfully defending clients against these challenges.
Leveraging her success in class action litigation and arbitration, Kate helps clients develop strategic and innovative solutions to their most challenging legal issues. She has extensive experience litigating cases brought under California’s Section 17200 and other consumer protection, competition, and privacy laws, including the Sherman Act, California Consumer Privacy Act (CCPA), California Invasion of Privacy Act (CIPA), Wiretap Act, Stored Communications Act, Children’s Online Privacy Protection Act (COPPA), Video Privacy Protection Act (VPPA), along with common law and constitutional rights of privacy, among others.
Kate’s exceptional legal work has earned widespread recognition. The Daily Journal named her successful defense of Meta and Microsoft cases described below as among its Top Verdicts, recognizing some of the largest and most impactful verdicts in California.
Recent Successes:
Represented Meta (formerly Facebook) in a putative nationwide advertiser class action alleging violations under the California Unfair Competition Law (UCL) related to charges from allegedly “fake” accounts. Successfully narrowed claims at the pleadings stage, defeated class certification, opposed a Rule 23(f) petition, won summary judgment, and defended the victory on appeal to the Ninth Circuit. (Daily Journal, Top Verdicts of 2021.) Law.com recognized Kate with a Litigator of the Week Shoutout.
Defeated a landmark class action lawsuit against Microsoft and OpenAI contending that the defendants scraped data from the internet for training generative AI services and incorporated data from users’ prompts, allegedly in violation of CIPA, the Computer Fraud and Abuse Act (CFAA), and other privacy and consumer protection laws. (Daily Journal, Top Verdicts of 2024.)
Kate regularly contributes to the firm’s blog, Inside Class Actions, and was recently featured in a Litigation Daily interview titled “Where Privacy Laws and Litigation Trends Collide.” In recognition of her achievements in privacy and antitrust class action litigation, the Daily Journal named her as one of their Top Antitrust Lawyers (2024), Top Cyber Lawyers (2022), and Top Women Lawyers in California (2023). Additionally, she received the Women of Influence award from the Silicon Valley Business Journal, was recognized by the Daily Journal as a Top Attorney Under 40, and also was named to Bloomberg Law's They've Got Next: The 40 Under 40 list.
Website Wiretapping Roundup: 2025 Decisions and Developments
In 2025, courts continued to issue significant decisions concerning the application of wiretap and privacy laws to pixels, session replay, and other website technologies. Over the past year, we have featured posts discussing claims regarding website analytics and advertising tools brought under the federal Wiretap Act, the California Invasion of Privacy Act (“CIPA”), the Video Privacy Protection Act (“VPPA”), and other laws. A selection of posts highlighting important developments in this area is below.
Third Circuit Affirms Dismissal of CIPA and CMIA Claims
Last week, the Third Circuit affirmed dismissal of a putative class action asserting that defendant Quest Diagnostics violated the California Invasion of Privacy Act (“CIPA”) and the Confidentiality of Medical Information Act (“CMIA”) by employing a website pixel to track and collect data about their website activity for advertising purposes. See Cole v. Quest Diagnostics Inc., No. 25-1449, 2025 WL 3172640 (3d Cir. Nov. 13, 2025). The Third Circuit held that Quest was not liable under CIPA for aiding and abetting wiretapping because no wiretapping had occurred, nor under CMIA because Plaintiffs had not alleged the disclosure of protected “medical information.”
Court Applies Popa to Dismiss CIPA Pen Register Claim for Lack of Article III Standing
In a win for businesses using third-party technologies to power their websites, a California federal court applied the Ninth Circuit’s recent decision in Popa v. Microsoft Corporation to dismiss a “pen register” claim brought under the California Invasion of Privacy Act (“CIPA”) for lack of Article III standing. Khamooshi v. Politico LLC, No. 24-cv-07836-SK, 2025 WL 2822879 (N.D. Cal. Oct. 2, 2025). “As in Popa,” the Khamooshi court held that the plaintiffs—who alleged the collection of their device type, browser type, and “device fingerprints”—“identifie[d] no embarrassing, invasive, or otherwise private information collected,” as required to establish an Article III injury.
Eyewear Company Wins Dismissal of Pixel Wiretapping Suit
Health and health-adjacent websites, from home pregnancy test companies to eyewear companies, continue to be a target for wiretapping lawsuits if they use pixels or other commonplace third-party technologies. A Texas federal court recently dismissed one such suit challenging the use of website pixels by Eyemart Express, LLC, a company…
California Federal Court Holds VPPA Claims Are Not Assignable, Rejecting Third-Party Opt-Out Scheme
In a decision with implications for classwide settlement of privacy lawsuits, Magistrate Judge Joseph C. Spero of the Northern District of California held that claims under the Video Privacy Protection Act (VPPA) are personal to individual class members and therefore not assignable to third parties. The decision, Stark v. Patreon, Inc., No. 22-cv-03131-JCS (N.D. Cal. June 5, 2025), invalidated a mass opt-out effort orchestrated by Lexclaim Recovery Group US LLC (“Lexclaim”), a third-party entity that claimed it was founded to “help people recover a greater share of the money to which they would be entitled in class action cases.”
Collection of Website Visit Time Stamp Not Enough to Confer Article III Standing
Capture of personal or private information is a prerequisite to Article III standing in wiretapping cases brought under the California Invasion of Privacy Act (“CIPA”). As we reported on here, when a plaintiff fails to plead the capture of any such information, courts have dismissed the plaintiff’s complaint for…
Court Grants Summary Judgment: Website Vendor Cannot Read “Session Replay” Data “In Transit” Under CIPA
“Session replay” software is one of many website analytics tools targeted in wiretapping suits under the California Invasion of Privacy Act (“CIPA”). Last month, a California federal court confirmed one of the many reasons why the use of this software does not violate CIPA section 631: A defendant cannot “read” (or attempt to read) session replay data “in transit,” as CIPA requires, because “events recorded by” this software “do not become readable content until after they are stored and reassembled into a session replay.” Torres v. Prudential Financial, Inc., 2025 WL 1135088 (N.D. Cal. Apr. 17, 2025).
Second Circuit Affirms VPPA Dismissal: Data Is Not “Personally Identifiable Information” If Only Experts Can Decipher It
Last week, the Second Circuit affirmed dismissal of a putative class action under the Video Privacy Protection Act (VPPA), holding that the alleged transmission of code containing video titles and a unique user ID to a third party is not a disclosure of “personally identifiable information” (PII). The decision, Solomon v. Flipps Media, Inc., 23‐7597 (2d Cir. May 1, 2025), aligns the Second Circuit with the Third and Ninth Circuits in holding that the VPPA only prohibits the disclosure of information that would “readily permit an ordinary person to identify a specific individual’s video-watching behavior.”
Implied Consent to Privacy Policy in Webpage Footer Forecloses Website Wiretapping Claim
Does a plaintiff’s use of a website constitute consent to a privacy policy linked in the website’s footer? A Pennsylvania federal court answered yes in Popa v. Harriet Carter Gifts, Inc., 2025 WL 896938 (W.D. Pa. Mar. 24, 2025), granting summary judgment in favor of an online retailer (Harriet Carter Gifts) and its marketing partner (NaviStone) accused of collecting data about plaintiff’s website visit in violation of the Pennsylvania Wiretapping and Electronic Surveillance Control Act (“WESCA”).