
What Meta's $8 Billion Settlement Signals About Governance


Last week, Meta’s current and former directors and officers settled an $8 billion shareholder claim for undisclosed amounts. The core allegation of the claim was that the current and former directors and officers of Meta breached their fiduciary duties by failing to prevent repeated privacy violations. The board failed to maintain adequate oversight of known privacy risks.

This caught my attention, not because of the price tag, but because of what it signals about where corporate governance is heading. This is the first time a plaintiff has been able to bring a privacy-related Caremark oversight claim into the courtroom, and it underscores the importance of privacy and data governance in corporations, as negligence may expose individual directors and officers to personal liability.

Some takeaways from this decision:

  • Data and privacy compliance cannot be delegated fully to compliance officers or the IT department. Boards must take an active role in understanding, overseeing, and monitoring policies.
  • Establish oversight structures with “paper trails”: think audit trails, committee meeting minutes, relevant board meeting minutes, privacy impact assessments, third-party audits, etc.
  • Policy does not equal practice. Meta had robust privacy policies, but the claim arose due to the failure to act on known risks. Mere adoption of policies and frameworks on paper is insufficient; there must be operational follow-through and evidence of action.

Privacy and AI governance are converging, and the lesson here is clear: boards and executives can no longer afford to treat these risks as technical or siloed. Governance must be proactive, integrated, and well-documented. In-house legal teams now have an important role to play in identifying the regulatory risks and building the internal governance frameworks that can correctly anticipate and resolve these risks.

https://lnkd.in/dKZaRSn7