Experts have warned that companies, and their top management, face even greater risks from the GDPR in certain parts of the world than they may have previously though.
With a second US company hit by shareholder action over claims it delivered misleading statements on General Data Protection Regulation (GDPR) readiness and impact the regulation would have on its business, experts have warned the case strongly suggests that companies, and their top management, face even greater risks from the new data privacy regime in certain parts of the world than they may have previously thought.
Last month, investors filed a lawsuit in the Southern District of New York against Nielsen, its CEO and CFO. Nielsen is a US-based global firm that uses data to deliver views on consumers and markets worldwide.
Its shareholders are seeking class-action certification and damages for Nielson’s alleged misleading statements about the GDPR, which came into force in May. The move followed the company’s quarterly results, in which Nielsen said GDPR-related changes harmed its growth, disrupted its advertising ecosystem and pressured partners and clients.
Nielsen missed its revenue and earnings targets, revising down its forecasts for the year. The company’s share price dropped by more than 25%.
The shareholders argue that Nielsen failed to warn them of the effect the GDPR would have on the company. They said the company repeatedly assured investors that “because privacy was built into the way its business processes, the enactment of the European General Data Protection Regulation … would not impact its necessary access to large data sets provided by its partners like Facebook”.
The shareholders allege that Nielsen’s statements were false because the company “recklessly disregarded its readiness for and the true risks of privacy regulations and policies, including the GDPR, on its current and future financial and growth prospects”. They also attest the company was “far more dependent on Facebook and other third-party large data set providers” than it has previously disclosed, and failed to explain that changes to privacy rules would affect such access.
The Nielsen case follows a securities suit in the US against Facebook itself in July. The company’s quarterly earnings disappointed investors, in part because the company was affected by allegedly unanticipated expenses and difficulties in complying with the GDPR.
Experts and risk managers have expected companies to fall foul of the GDPR’s data privacy laws and the regulators. But the cases brought against Nielsen and Facebook show that companies in the US and other parts of the world are at risk of lawsuits for simply failing to manage the impact of data privacy law on financial performance.
Full article on Commercial Risk (subscription required)
© Commercial Risk Europe
Key
Hover over the blue highlighted
text to view the acronym meaning
Hover
over these icons for more information
Comments:
No Comments for this Article