Kathryn Cahoy

Kate Cahoy co-chairs the firm's Class Actions Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. She defends clients in complex, high-stakes class action disputes and has achieved significant victories across various industries, including technology, entertainment, consumer products, and financial services. Kate has also played a key role in developing the firm’s mass arbitration defense practice. She regularly advises companies on the risks associated with mass arbitration and has a proven track record of successfully defending clients against these challenges.

Leveraging her success in class action litigation and arbitration, Kate helps clients develop strategic and innovative solutions to their most challenging legal issues. She has extensive experience litigating cases brought under California’s Section 17200 and other consumer protection, competition, and privacy laws, including the Sherman Act, California Consumer Privacy Act (CCPA), California Invasion of Privacy Act (CIPA), Wiretap Act, Stored Communications Act, Children’s Online Privacy Protection Act (COPPA), Video Privacy Protection Act (VPPA), along with common law and constitutional rights of privacy, among others.

Recent Successes:

  • Represented Meta (formerly Facebook) in a putative nationwide advertiser class action alleging violations under the California Unfair Competition Law (UCL) related to charges from allegedly “fake” accounts. Successfully narrowed claims at the pleadings stage, defeated class certification, opposed a Rule 23(f) petition, won summary judgment, and defended the victory on appeal to the Ninth Circuit. The Daily Journal selected Covington’s defense of Meta as one of its 2021 Top Verdicts, and Law.com recognized Kate as a Litigator of the Week Shoutout.
  • Defeated a landmark class action lawsuit against Microsoft and OpenAI contending that the defendants scraped data from the internet for training generative AI services and incorporated data from users’ prompts, allegedly in violation of CIPA, the Computer Fraud and Abuse Act (CFAA), and other privacy and consumer protection laws.

Kate regularly contributes to the firm’s blog, Inside Class Actions, and was recently featured in a Litigation Daily interview titled “Where Privacy Laws and Litigation Trends Collide.” In recognition of her achievements in privacy and antitrust class action litigation, the Daily Journal named her as one of their Top Antitrust Lawyers (2024), Top Cyber Lawyers (2022), and Top Women Lawyers in California (2023). Additionally, she received the Women of Influence award from the Silicon Valley Business Journal and was recognized by Daily Journal as a Top Attorney Under 40.

JAMS recently has become the latest arbitral institution to publish rules tailored to the unique issues presented by mass arbitration filings.  Mass arbitration filings have become a popular tactic among plaintiffs’ lawyers and a significant source of potential exposure for companies.

Effective May 1, 2024, parties agreeing to arbitration under the JAMS Rules will be able to opt into the application of the Mass Arbitration Procedures and Guidelines (the “Procedures”) and an accompanying Mass Arbitration Procedures Fee Schedule (“Fee Schedule”) for certain mass filings.  The Procedures and Fee Schedule include features similar to those available under the rules of other arbitral institutions, including the American Arbitration Association (the “AAA”) and National Arbitration and Mediation, including the designation of a Process Administrator to hear and determine preliminary and administrative matters in a more streamlined and cost-efficient manner.  For JAMS to assign a Process Administrator, the parties must pay a flat fee of $7,500, at least $5,000 of which shall be paid by the business in consumer mass arbitrations.

We previously discussed here the AAA’s mass arbitration procedures, which were last updated on April 1.  The Procedures adopted by JAMS differ from the AAA’s current mass arbitration procedures in several notable ways, including those summarized in the table below.

On Tuesday May 16th, the U.S. Supreme Court ruled that a federal district court does not have discretion to dismiss a case where all claims are subject to arbitration and a party has requested a stay. This resolves a long-standing circuit split.

Likely spurred by plaintiffs’ recent successes in cases under Illinois’s Biometric Information Privacy Act (“BIPA”), a new wave of class actions is emerging under Illinois’s Genetic Information Privacy Act (“GIPA”). While BIPA regulates the collection, use, and disclosure of biometric data, GIPA regulates that of genetic testing information. Each has a private right of action and provides for significant statutory damages, even potentially where plaintiffs allege a violation of the rule without actual damages.[1] From its 1998 enactment until last year, there were few GIPA cases, and they were largely focused on claims related to genetic testing companies.[2] More recently, plaintiffs have brought dozens of cases against employers alleging GIPA violations based on allegations of employers requesting family medical history through pre-employment physical exams. This article explores GIPA’s background, the current landscape and key issues, and considerations for employers.

The American Arbitration Association (“AAA”) recently published a set of modified Mass Arbitration Supplementary Rules and a new Consumer Mass Arbitration and Mediation Fee Schedule, both effective January 15, 2024.  The modified rules and fee schedule aim to address the increasingly prevalent tactic of plaintiffs’ firms launching mass arbitration campaigns against defendants with arbitration agreements in their consumer contracts.

The AAA defines a mass arbitration as 25 or more similar demands for arbitrations filed against or on behalf of the same party or related parties where representation of all parties is consistent or coordinated across arbitrations.  The modified rules implement the following key changes:

The District Court for the Northern District of Illinois recently granted in part a motion to dismiss a putative class action complaint asserting wiretapping, Illinois Biometric Information Privacy Act (“BIPA”), and consumer protection claims relating to their eufy home security cameras and video doorbells (the “Eufy Products”).  See Sloan, et al. v. Anker Innovations Ltd., No. 22-CV-7174 (N.D. Ill. Jan. 9, 2024).  Plaintiffs contend in their complaint that the Eufy Products applied a facial recognition program to differentiate images of known and unknown individuals within home security services and purportedly misrepresented data storage and encryption practices for the Eufy Products.

The Ninth Circuit recently upheld a California district court’s dismissal of a proposed class action against Shopify for lack of personal jurisdiction, cautioning that subjecting web-based platforms to jurisdiction in every forum in which they are accessible would lead to the “eventual demise of all restrictions” on personal jurisdiction.

In Briskin v. Shopify, Inc., 2022 WL 1427324 (N.D. Cal. May 5, 2022), the plaintiff alleged that Shopify, a Canadian-based company that provides online merchants throughout the United States with an e-commerce payment platform, violated California privacy and consumer protection laws by allegedly collecting his sensitive personal information while using a California-based retailer’s website.  The district court in the Northern District of California dismissed the action, finding that it lacked both general and specific personal jurisdiction over Shopify. 

A panel of the Ninth Circuit affirmed the district court’s dismissal of the complaint for lack of personal jurisdiction, holding that Shopify could not be subjected to jurisdiction in California where it did not expressly aim the alleged conduct implicated by the lawsuit toward California.  Briskin v. Shopify, Inc., 2023 WL 8225346 (9th Cir. Nov. 28, 2023).  Briskin confirms the Ninth Circuit’s view that for interactive websites and other web-based services and platforms that operate nationwide, “something more” is needed to satisfy the express aiming requirement for personal jurisdiction.

A federal district court in the Northern District of California granted a motion to dismiss a putative class action where the plaintiff claimed that the defendant violated the California Invasion of Privacy Act (“CIPA”) § 631 for using a third-party chat feature on its website. The court dismissed the plaintiff’s claim for lack of Article III standing but granted leave to amend.

Only one claim survived dismissal in a recent putative class action lawsuit alleging that a pathology laboratory failed to safeguard patient data in a cyberattack.  See Order Granting Motion to Dismiss in Part, Thai v. Molecular Pathology Laboratory Network, Inc., No. 3:22-CV-315-KAC-DCP (E.D. Tenn. Sep. 29, 2023), ECF 38.

A federal district court in the Northern District of California granted in part a motion to dismiss putative class action claims filed against Western Digital, a hard drive manufacturer whose older devices experienced a cyber-attack, where the plaintiffs alleged that their stored data was deleted but not that it was stolen.  While plaintiffs will be permitted to maintain claims related to the data loss, they lack standing to assert claims based on future data misuse.

Last week, the Eleventh Circuit reversed in part and remanded an order certifying a class in a case arising from a data breach of Chili’s restaurants, Green-Cooper v. Brinker International, Inc., No. 21-13146, 2023 WL 4446420 (11th Cir. July 11, 2023).  The opinion clarifies the Eleventh Circuit’s view of when data breaches give rise to Article III standing.