Photo of Kathryn Cahoy

Kathryn Cahoy

Kate Cahoy co-chairs the firm's Class Actions Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. She defends clients in complex, high-stakes class action disputes and has achieved significant victories across various industries, including technology, entertainment, consumer products, and financial services. Kate has also played a key role in developing the firm’s mass arbitration defense practice. She regularly advises companies on the risks associated with mass arbitration and has a proven track record of successfully defending clients against these challenges.

Leveraging her success in class action litigation and arbitration, Kate helps clients develop strategic and innovative solutions to their most challenging legal issues. She has extensive experience litigating cases brought under California’s Section 17200 and other consumer protection, competition, and privacy laws, including the Sherman Act, California Consumer Privacy Act (CCPA), California Invasion of Privacy Act (CIPA), Wiretap Act, Stored Communications Act, Children’s Online Privacy Protection Act (COPPA), Video Privacy Protection Act (VPPA), along with common law and constitutional rights of privacy, among others.

Recent Successes:

Represented Meta (formerly Facebook) in a putative nationwide advertiser class action alleging violations under the California Unfair Competition Law (UCL) related to charges from allegedly “fake” accounts. Successfully narrowed claims at the pleadings stage, defeated class certification, opposed a Rule 23(f) petition, won summary judgment, and defended the victory on appeal to the Ninth Circuit. The Daily Journal selected Covington’s defense of Meta as one of its 2021 Top Verdicts, and Law.com recognized Kate as a Litigator of the Week Shoutout.
Defeated a landmark class action lawsuit against Microsoft and OpenAI contending that the defendants scraped data from the internet for training generative AI services and incorporated data from users’ prompts, allegedly in violation of CIPA, the Computer Fraud and Abuse Act (CFAA), and other privacy and consumer protection laws.

Kate regularly contributes to the firm’s blog, Inside Class Actions, and was recently featured in a Litigation Daily interview titled “Where Privacy Laws and Litigation Trends Collide.” In recognition of her achievements in privacy and antitrust class action litigation, the Daily Journal named her as one of their Top Antitrust Lawyers (2024), Top Cyber Lawyers (2022), and Top Women Lawyers in California (2023). Additionally, she received the Women of Influence award from the Silicon Valley Business Journal and was recognized by Daily Journal as a Top Attorney Under 40.

Capture of personal or private information is a prerequisite to Article III standing in wiretapping cases brought under the California Invasion of Privacy Act (“CIPA”).  As we reported on here, when a plaintiff fails to plead the capture of any such information, courts have dismissed the plaintiff’s complaint for

Continue Reading Collection of Website Visit Time Stamp Not Enough to Confer Article III Standing

“Session replay” software is one of many website analytics tools targeted in wiretapping suits under the California Invasion of Privacy Act (“CIPA”).  Last month, a California federal court confirmed one of the many reasons why the use of this software does not violate CIPA section 631: A defendant cannot “read” (or attempt to read) session replay data “in transit,” as CIPA requires, because “events recorded by” this software “do not become readable content until after they are stored and reassembled into a session replay.”  Torres v. Prudential Financial, Inc., 2025 WL 1135088 (N.D. Cal. Apr. 17, 2025). Continue Reading Court Grants Summary Judgment: Website Vendor Cannot Read “Session Replay” Data “In Transit” Under CIPA

Last week, the Second Circuit affirmed dismissal of a putative class action under the Video Privacy Protection Act (VPPA), holding that the alleged transmission of code containing video titles and a unique user ID to a third-party is not a disclosure of “personally identifiable information” (PII). The decision, Solomon v. Flipps Media, Inc., 23‐7597 (2d Cir. May 1, 2025), aligns the Second Circuit with the Third and Ninth Circuits in holding that the VPPA only prohibits the disclosure of information that would “readily permit an ordinary person to identify a specific individual’s video-watching behavior.” Continue Reading Second Circuit Affirms VPPA Dismissal: Data Is Not “Personally Identifiable Information” If Only Experts Can Decipher It

Does a plaintiff’s use of a website constitute consent to a privacy policy linked in the website’s footer?  A Pennsylvania federal court answered yes in Popa v. Harriet Carter Gifts, Inc., 2025 WL 896938 (W.D. Pa. Mar. 24, 2025), granting summary judgment in favor of an online retailer (Harriet Carter Gifts) and its marketing partner (NaviStone) accused of collecting data about plaintiff’s website visit in violation of the Pennsylvania Wiretapping and Electronic Surveillance Control Act (“WESCA”).Continue Reading Implied Consent to Privacy Policy in Webpage Footer Forecloses Website Wiretapping Claim

Early this month, a Northern District of California judge dismissed, with prejudice, a putative class action complaint asserting five privacy-related causes of action, concluding the “issue of consent defeat[ed] all of Plaintiffs’ claims.”  Lakes v. Ubisoft, Inc., –F. Supp. 3d–, 2025 WL 1036639 (N.D. Cal. Apr. 2, 2025).  Specifically, the Court dismissed plaintiffs’ claims under the (1) Video Privacy Protection Act (“VPPA”); (2) Federal Wiretap Act; (3) California Invasion of Privacy Act (“CIPA”) § 631; (4) common law invasion of privacy; and (5) Article I, Section 1 of the California Constitution. Continue Reading California Court Holds Plaintiffs’ Consent Defeats Claims Involving Use of Website Pixel

A fan of celebrity LL Cool J filed a wiretapping suit against Community.com (“Community”), claiming that Community accessed her text message to LL Cool J in violation of the federal Wiretap Act and the California Invasion of Privacy Act (“CIPA”).  In an unpublished opinion highlighting that Section 632 of CIPA does not protect communications that are by nature a recorded medium, the Ninth Circuit affirmed dismissal of the plaintiff’s claims. See Boulton v. Community.com, Inc., No. 23-3145, 2025 WL 314813 (9th Cir. Jan. 28, 2025).Continue Reading Ninth Circuit Affirms Dismissal of CIPA and Wiretap Act Claims Against Celebrity Platform

Website analytics and advertising tools, such as pixels, are regularly targeted in lawsuits brought under various wiretap laws, including the federal Wiretap Act and the California Invasion of Privacy Act (“CIPA”).  Over the last several months, we have featured posts discussing an important decision from Massachusetts’ highest court about the availability of website wiretap suits under Massachusetts law, an opinion from a California court about a new “pen register” theory under CIPA, and more.  These posts, and other highlights, include the following:Continue Reading Website Wiretapping Litigation: Recent Decisions and Developments

After removing a lawsuit brought against it in Pennsylvania state court under the Wiretapping and Electronic Surveillance Control Act (“WESCA”) to the United States District Court for the Eastern District of Pennsylvania, Prime Hydration LLC argued in its motion to dismiss that the plaintiff lacked Article III standing.  Judge Nitza I. Quiñones Alejandro agreed and remanded the case to state court.  Heaven v. Prime Hydration LLC, 2025 WL 42964, at *7 (E.D. Pa. Jan. 7, 2025).

Plaintiff Shantay Heaven filed a putative class action in the Philadelphia Court of Common Pleas asserting that Prime Hydration allowed third parties to track the activity of visitors to Prime Hydration’s website.  Id. at *1.  Plaintiff asserted that Prime Hydration integrated the third-party pixels into its website.  Id. at *2.  Those two pieces of code, Plaintiff alleged, allowed Prime Hydration to capture “her searches for drink flavors, . . . and that this information was transmitted to” the third-party servers.  Id. at *6.Continue Reading Pennsylvania District Court Judge Remands Case After Finding No Article III Standing to Bring Wiretapping Claim

Plaintiffs sometimes try to sidestep an arbitration agreement with one company by suing only a second company for interrelated conduct.  Last month, a California federal court applied principles of fairness under the doctrine of “equitable estoppel” to reject this tactic, holding that a software vendor (Twilio) could enforce a plaintiff’s arbitration agreement with a website operator (Keeps) that was not named as a defendant.  Perry-Hudson v. Twilio, Inc., 2024 WL 493333 (N.D. Cal. Dec. 2, 2024).Continue Reading California Federal Court Allows Software Vendor to Enforce Website Operator’s Arbitration Agreement in Privacy Lawsuit

Websites cannot load without the transmission of an IP address, which tells websites where to deliver the webpages displayed on a user’s browser.  Yet a number of lawsuits have started challenging this routine transmission of IP addresses under a lesser-known provision of the California Invasion of Privacy Act (“CIPA”) that

Continue Reading Court Holds CIPA’s Pen Register Provision Does Not Impose Liability for “What Makes the Internet Possible.”