Following Pressure From Shareholders, Facebook Board Adopts New Focus on ‘Privacy and Data Use’, ‘Community Safety’ and Cybersecurity Risks

Move by company nearly mirrors recommendations made by shareholders and activists; critical board committee is now responsible for ‘Audit & Risk Oversight’

New York - June 18 - Facebook Inc.’s Board of Directors responded to pressure from shareholders and quietly adopted important and substantial changes to the charter of one of the board’s key committees, renaming the committee to include the responsibility for "risk" and broadening its mission to include oversight of issues that have placed the social media platform at the center of global controversy, including privacy, data use, community safety and cybersecurity.

The changes are included in a posting on Facebook’s corporate website. They became effective June 14 and were not otherwise announced publicly.

The actions taken by the Facebook board closely match those recommended in a shareholder proposal that was voted on at the company’s annual meeting two weeks ago. That proposal, filed by Trillium Asset Management and the Park Foundation, and developed with support from Open MIC, called for the board to appoint a Risk Oversight Committee. Facebook strongly opposed the proposal, which nonetheless attracted support of more than 45% of the company’s independent shareholders, according to an Open MIC analysis.

“This is an important step by Facebook’s board toward improving corporate accountability and attempting to address the many controversies plaguing the company,” said Michael Connor, Executive Director of Open MIC, a group that has worked with Facebook shareholders for years to bring about better transparency and accountability at the company. “Acknowledging the responsibility of the board is a critical step toward accountability, but the real work is for Facebook to become truly responsive to the people who are most impacted by its privacy, data use, community safety, and cybersecurity policies. Facebook will continue to be judged by how it actually avoids risks and harms to its billions of users, not by what it promises.”

“The people who use Facebook deserve better assurances that their privacy will be protected,” said Jon Jensen, Executive Director of the Park Foundation.

Jonas Kron, Senior Vice President at Trillium Asset Management, said: “The Facebook board has made an important and necessary change by expressly articulating these responsibilities for overseeing privacy, impacts on the public interest, and other areas. It reflects more robust and big picture risk oversight and depending on implementation, we expect it should help to stem the flow of serious controversies facing Facebook.”

In its latest action, Facebook’s board does not establish a new committee but instead renames its prior Audit Committee as the “Audit & Risk Oversight Committee,” with a focus on many of the responsibilities in the shareholder proposal. The new charter specifically charges that the committee will meet at least annually with Facebook management to review:

  • Privacy and Data Use, including “a) the Company’s privacy program, (b) the Company’s compliance with its consent order with the U.S. Federal Trade Commission, as well as the General Data Protection Regulation and other applicable privacy and data use laws, and (c) the Company’s major privacy and data use risk exposures…”;

  • Community Safety and Security, including “assessment of the major ways in which (the Company’s) services can be used to facilitate harm or undermine public safety or the public interest, as well as the steps the Company has taken to monitor or mitigate such abuse...”;

  • Cybersecurity, including “the Company’s cybersecurity risk exposures and the steps the Company has taken to monitor or mitigate such exposures...”.

Members of Facebook’s newly-named Audit & Risk Oversight committee include four of the company’s independent directors: Erskine B. Bowles, Marc Andreessen, Kenneth I. Chenault and Jeffrey Zients.