Meta Lawsuit Settlement Alerts Boards Of Changing Privacy Landscape
Meta Platforms Inc., the owner of Facebook, Instagram and WhatsApp, recently settled a privacy lawsuit, sparing some key executives and board members from testifying in open court. While settling lawsuits is rarely a pleasant action for boards to take, it is generally preferable to having board members testify in open court where sensitive information regarding company operations could be discussed. Corporate board members at other companies may want to determine the actions (or inaction) that inspired Meta shareholders to sue the tech giant and make sure their companies don’t do anything similar. This is particularly important as privacy issues, which continue to evolve globally, were at the core of this shareholder lawsuit.
Shareholders filed the lawsuit in 2018, accusing CEO Mark Zuckerberg, director Marc Andreesen, former COO Sheryl Sandberg and other board members of the company that was then called Facebook, for failing to protect the company’s users’ data, then paying a $5 billion Federal Trade Commission settlement, in what they claim, was a bid to shield Zuckerberg from personal liability in the Cambridge Analytica scandal. The $190 million settlement covers British data firm Cambridge Analytica’s improper access to the information of millions of Facebook users.
While most companies can honestly say that they don’t expect to deal with anything remotely like the Cambridge Analytica scandal, the proper handling of customer private data will continue to present companies with significant challenges. Since customer’s private data is used to generate sales, privacy laws are evolving to provide greater protection from spam calls and emails, and other types of unsolicited offers. Board members should expect greater emphasis from regulators involving privacy issues and cyber security in the coming months. Privacy and confidentiality laws will affect each company differently. Here are some things boards might consider as we head into 2026:
Stay up-to-date on changes in privacy laws. There are many new privacy laws that have gone into effect in 2025 that boards might want to review to make sure they are in compliance. In the U.S., Delaware, Iowa, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey and Tennessee all enacted new privacy laws this year. Internationally, the European Union, Australia, China, Malaysia, Peru and India have all made changes to data protection legislation or have implemented new rules regarding cross-border data transfers. Companies that are operating these jurisdictions should review the appropriate privacy regulations and make sure they are compliant.
Update D&O insurance. Meta will reportedly pay its shareholder lawsuit’s $190 million settlement with D&O insurance. Companies should review D&O insurance coverage annually as new threats may periodically arise. Meta’s board had insurance that could cover a $190 million settlement—could your D&O insurance do the same? Some boards may need to increase or expand their current coverage. Increasing insurance covering data breaches may also be a prudent move.
Review how customer data is currently being used. Make sure the use of AI doesn’t violate privacy or confidentiality regulations. Be aware that the way your company used customer data last year may now be in violation of new regulations, so adjustments may need to be made. Also, as companies begin greater use of artificial intelligence, be aware that in many cases, companies must give consumers notice when they may be interacting with AI and when AI is making automated decisions. Customers also need to be given the right to opt-out of having their personal data used to train AI. Expect greater scrutiny in these areas in the future.
Print Article
