Audience analysis firm Nielsen sued over 'misleading' GDPR statements

News by Tom Reeve

A shareholder in UK-based Nielsen has launched a class action lawsuit in the US alleging the company misled investors by claiming to be prepared for GDPR, a case which is potentially worrying for many other companies.

A shareholder in Nielsen Holdings plc, the audience behaviour analysis company, is suing the company and its senior management for issuing ‘misleading’ statements about the value of the company.

Arun Bhattacharya filed the complaint in the Southern District of New York (SDNY) court last month claiming the company and its managers made public statements which they "knew or recklessly disregarded were misleading" – and withheld information that would have revealed that the statements were misleading – in violation of the Securities Exchange Act 1934.

Nielsen Holdings Plc is a UK registered company that trades globally. It has headquarters in New York and London.

Bhattacharya claims that the misleading statements, regarding the company’s preparedness for the introduction of the General Data Protection Regulation (GDPR) in May this year, resulted in the market overvaluing shares in the company between February and July.

He has applied to have the case declared a class action encompassing everyone who traded shares in the company during the affected time.

The complaint says that shares in the company traded as high as US$34.00 (£26) per share in the period up to 26 July when the company "shocked investors as it published its financial results for second quarter 2018". The company announced that it had missed its revenue and earnings targets, blaming GDPR which had "impacted our growth rates in the near-term". It also announced that the CEO Dwight Barns would retire at the end of 2018. Barns is named as a defendant in the lawsuit along with the chief financial officer Jamere Jackson.

Following the earnings announcement, shares in the company fell more than 25 percent, from US$29.75 (£23) per share on 25 July to US$22.11 (£17) per share on 26 July, on a volume of 38 million shares, around 10 percent of the company’s 355 million issued shares.

The complaint centres around repeated statements made by the company CEO and CFO to the market regarding its preparations for GDPR. Of particular concern to analysts during various conference calls was Nielsen’s relationship with media companies such as Facebook with which it has data-sharing agreements, the complaint says.

Concern centred around the impact of data protection and privacy legislation on the company’s two core businesses, Buy, which tracked the public’s purchasing decisions, and Watch, which tracked what they read, watched and listened to.

According to the complaint, in an analysts’ call on 8 February as it released its 2017 financial results, Barns said: "GDPR, we’ve been focused on this for some time. We have a big team that’s working on it. We’ve been out in front of it. We’re ready. And we don’t see any significant impact for our Buy business. For Watch, there’ll be some things that we’ll have to do to ensure our compliance with the regulations, but it’s manageable. We don’t expect to see any major impact on our business. We still – we’ll still have access to all the data that we’re going to need for our products. So yes, we’re in good shape."

The complaint also quotes Barns saying that he was so confident of the company’s preparations for GDPR that it would be a "non-event from our side as compared to how it played out for some others".

Jon Baines, data protection advisor at lawyers Mishcon de Reya, told SC that he believes this is the first case of its kind.

"In the months leading up to GDPR coming into effect, a lot of companies made confident announcements about their preparedness. Generally this sort of announcement will have been seen as ‘mere puffery’ – not intended to be relied upon – but this claim against Nielsen, which is – as far as I know – the first of its kind, shows that words do have consequences, and will be likely to make many other companies slightly uneasy that they might be held to account for what they said about their GDPR preparations.

"I can't say I anticipated this sort of case emerging, but it's a logical argument – can one claim one is ready for something, and then blame poor results on that same thing when it happens?"

While the claim has been made in the US under securities law, he said, "It will be interesting to see if any similar claims are made in other jurisdictions."

Rashmi Knowles, field CTO EMEA at RSA Security, said: "Any company outside of the EU that was in any doubt about whether GDPR applied to them should be taking heed and acknowledging that if you process or store EU citizen data, GDPR is a business risk that needs to be managed."

Nielsen Holdings declined SC’s request for comment.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews