Facebook Case study

2.1 Overview of Facebook’s Governance

Facebook’s approach to corporate governance emerged from a singular vision: that a founder-led company could scale faster, innovate more boldly, and stay truer to its mission than a firm beholden to traditional shareholder constraints. This idea—that concentrating power in the hands of a founder was a feature rather than a flaw—became the foundation of Facebook’s governance philosophy.The logic of this model was not unique to Facebook. Over the past two decades, Silicon Valley has embraced a broader cultural narrative celebrating the charismatic founder as both visionary and steward. Mark Zuckerberg embodied this archetype. His technical acuity and unrelenting ambition built a product that captured the attention of hundreds of millions of people before he turned thirty. Investors, media analysts, and employees often credited his singular focus and long-term thinking as critical to Facebook’s meteoric rise.Yet Facebook also exemplifies how this governance philosophy, while potent in scaling technology, introduces structural vulnerabilities when the scope of a company’s influence extends into the civic and social fabric of the world.From its earliest days, Facebook’s governance was engineered to reflect Zuckerberg’s centrality to the company’s mission. He was not merely a CEO but a cultural touchstone and a unifying symbol for the organization’s identity.

This approach was evident in multiple facets:

• Decision-Making: Zuckerberg personally shaped almost every major strategic pivot, from the News Feed’s launch to the acquisition of Instagram, WhatsApp, and Oculus.
• Hiring and Culture: Early employees described a culture where deference to Zuckerberg’s vision was both expected and celebrated.
• Public Narrative: Investor communications routinely emphasized his unique role, warning that any loss of his leadership could be materially detrimental to the company.

Facebook’s IPO prospectus in 2012 set the tone by stating:

“Mark has been instrumental in defining our mission and strategic direction, and we expect that he will continue to play a key role in managing and operating Facebook for the foreseeable future.”

This statement was not merely legal boilerplate. It encapsulated a governance rooted in the belief that innovation was inherently personal—that only a founder could navigate the trade-offs between growth, product development, and long-term ambition.

2.1.1 The Case for Founder Control

Zuckerberg and his advisers argued that founder-centric governance protected the company from the short- termism endemic to public markets. In their view, quarterly earnings pressures and activist shareholder demands often forced companies into incremental strategies. To achieve Facebook’s mission—to connect everyone in the world—the leadership believed they needed the autonomy to take risks, make unpopular investments, and weather public criticism.This became a recurring theme whenever Facebook faced scrutiny. When controversies erupted—whether over privacy practices, misinformation, or content moderation—Zuckerberg frequently insisted that the company’s long-term commitment to openness and connection outweighed any single crisis.

Supporters of this governance model often cited examples from other founder-led firms, such as Alphabet and Amazon, arguing that preserving founder influence had driven innovation and shareholder returns. Indeed, during Zuckerberg’s tenure, Facebook achieved explosive growth:

• Growing from 100 million users in 2008 to over 3 billion by 2025.
• Generating annual revenues exceeding $130 billion.
• Becoming one of the most valuable companies in

To many investors, these outcomes appeared to validate the premise that founder control was not only sustainable but essential to the company’s success.

2.1.2 Early Signs of Tension

Long before Facebook became a lightning rod for public criticism, there were indications that its governance model might struggle to keep pace with its growing societal impact.

For example:

• In 2010, the introduction of the News Feed and algorithmic ranking sparked internal debate over whether the platform should privilege engagement over informational integrity.
• In 2012, when Facebook went public, privacy advocates warned that the company’s scale demanded stronger governance safeguards than its dual-class structure allowed.
• In 2014, following the acquisition of WhatsApp, co-founder Jan Koum reportedly clashed with Facebook leadership over encryption policies and monetization—tensions that foreshadowed later debates about data use and user trust.

Despite these warning signs, Facebook’s governance idea remained largely unchanged. The underlying assumption was that Zuckerberg’s leadership and the company’s mission were sufficient to navigate any challenge.

2.1.3 The Inherent Risks of Concentrated Power

Academic literature on corporate governance has long documented the risks of concentrated founder control:

• Lack of Board Independence: Directors may defer to the founder’s preferences rather than exercise rigorous oversight.
• Weak Accountability Mechanisms: Dual-class structures insulate management from shareholder activism and pressure to reform.
• Cultural Homogeneity: Overreliance on a founder’s worldview can discourage dissenting perspectives and slow organizational learning.

In Facebook’s case, all three risks were present. Zuckerberg’s combined roles as CEO and board chair, coupled with his super-voting shares, created a governance structure where no external stakeholder could compel meaningful change without his assent.While this arrangement allowed for strategic consistency and long-term investments, it also meant that when governance failures occurred—such as during the Cambridge Analytica crisis or the spread of political misinformation—responsibility was diffuse, but authority remained singular.

2.1.4 Governance at Scale:

By the mid-2010s, it was clear that Facebook’s impact was no longer confined to social networking. The platform shaped elections, public health messaging, and the distribution of news around the globe. Yet the governance structures remained optimized for a consumer technology company rather than a de facto public utility.

This mismatch between scale and accountability created what one governance expert described as “the legitimacy gap.” In other words, Facebook was exercising power traditionally reserved for democratic institutions—determining what speech was permissible, which actors were credible, and which communities could organize—without corresponding checks and balances.

The company’s leadership often described these issues as “hard problems,” emphasizing their complexity. While true, this framing sometimes obscured the degree to which Facebook’s governance philosophy—founded on unilateral control—limited its capacity to respond effectively.

2.1.5 Repeated Calls for Reform

As Facebook (now Meta) grew into a global platform with profound social and political influence, it also drew intense scrutiny from institutional investors, regulators, civil society, and academic commentators. While the company continued to dominate financially and technologically, these stakeholders began raising serious concerns about whether its governance model—particularly the concentration of decision-making authority in Mark Zuckerberg—was sustainable, ethical, or fit for purpose.The concerns were not speculative. They were rooted in a series of governance failures, public scandals, and reputational crises that consistently highlighted how Facebook’s leadership structure lacked meaningful internal accountability.

Repeatedly, external stakeholders called for governance reforms—only to be met with resistance, deflection, or procedural defeat.

Shareholder Proposals: Symbolic But Powerless

From 2016 onward, large institutional investors—such as Trillium Asset Management, NorthStar Asset Management, and Arjuna Capital—began submitting shareholder proposals calling for reforms to enhance Facebook’s board accountability and ethical oversight. These proposals typically focused on three key demands:

1. Separation of CEO and Board Chair Roles: Shareholders argued that Zuckerberg’s dual role created a conflict of interest. & A truly independent board chair, they believed, would provide more rigorous oversight and ensure broader stakeholder interests were represented.
2. Sunset Provision for Dual-Class Shares: Proposals asked that Zuckerberg’s super-voting shares be phased out over time, giving common shareholders a more proportionate say in governance.
3. Creation of a Risk Oversight or Ethics Committee: Suggested committees would focus on emerging societal risks like misinformation, algorithmic bias, and data misuse—issues traditional audit or compensation committees were ill-equipped to handle.

Despite the volume and consistency of these proposals, none passed. The reason was simple: Mark Zuckerberg controlled over 55% of voting power due to Facebook’s dual-class share structure. Regardless of how large shareholders voted, Zuckerberg had the final word. At Facebook’s 2019 Annual General Meeting (AGM), for example, a record number of proposals were submitted demanding structural reform. One of the most prominent proposals called for an independent board chair. It was endorsed by a coalition of public

pension funds, including the New York City Comptroller’s Office, which manages retirement funds for over 700,000 workers. In public statements, they argued:

“No one should have unfettered control, especially when the company’s social and political impact is so vast and deeply consequential.” The proposal was voted down—by Zuckerberg himself.

ISS and Glass Lewis Governance Ratings

Third-party corporate governance watchdogs, such as Institutional Shareholder Services (ISS) and Glass Lewis, repeatedly flagged Facebook’s governance structure as high-risk. ISS, for instance, gave Facebook a Governance QualityScore of 10 (the worst possible rating) in categories such as board structure, shareholder rights, and compensation practices.These assessments were used by responsible investment firms and ESG (Environmental, Social, Governance) analysts to evaluate Facebook’s long-term risk profile. The consistent red flags sent a message to the investor community: while the company was financially high-performing, it carried serious governance vulnerabilities that could translate into reputational damage, legal liability, and operational disruption.Still, Facebook’s stock continued to perform well—at least until major controversies (like Cambridge Analytica or antitrust lawsuits) briefly affected public perception. As a result, some investors rationalized governance concerns as secondary to financial returns, weakening the push for reforms.

Civil Society and Academic Calls

Beyond shareholders, scholars, ethics boards, and non-profit institutions urged Facebook to consider structural reforms as part of its social responsibility. A 2020 white paper by the Harvard Kennedy School’s Belfer Center recommended that technology platforms, including Facebook, implement:

  Mandatory transparency reporting on content moderation and algorithmic design.

  Stakeholder advisory councils including civil society, minority groups, and journalists.

  Internal ethics committees that report directly to the board, not to business units.

Organizations like the Center for Humane Technology, led by former Google design ethicist Tristan Harris, argued that Facebook’s governance structure was ill-equipped to confront its own externalities. They highlighted that product teams optimized for growth were rarely held ethically accountable for societal harm, and that only board-level reforms could realign those incentives.Still, Zuckerberg and Facebook’s leadership remained publicly confident in their internal processes and emphasized voluntary reforms—such as the creation of the Oversight Board—over structural change.

Regulatory Pressure and Indirect Influence

While Facebook’s internal voting structure insulated it from shareholder pressure, external regulators began to increase their scrutiny, applying indirect pressure on the governance model:

 The Federal Trade Commission (FTC) imposed a $5 billion fine in 2019 for repeated privacy violations, demanding new compliance frameworks and board-level certifications.

The EU’s GDPR (General Data Protection Regulation) and Digital Services Act introduced obligations for transparency, algorithmic accountability, and ethics-by-design.

 Legislators in the U.S. and U.K. began holding Facebook executives—including Zuckerberg himself— accountable through public hearings.

These interventions, while not directly altering internal governance, created reputational and legal incentives for the board to consider stronger oversight mechanisms. Even so, formal reforms—such as enhanced board independence or sunset clauses for dual-class shares—were never implemented.

Employee and Whistleblower Demands

Internally, calls for reform also grew. Following the revelations by whistleblower Frances Haugen in 2021, which included tens of thousands of internal documents (dubbed “The Facebook Papers”), many employees publicly and privately voiced support for greater governance accountability.Haugen’s disclosures made a clear ethical case: Facebook’s leadership repeatedly made decisions that put engagement and growth ahead of user safety, even when internal research showed measurable harm.

In her testimony to the U.S. Senate, she emphasized:

“Facebook’s leadership knows how to make the platform safer, but won’t make the necessary changes because they have put their profits before people.”

Her testimony led to renewed interest in governance reforms, including proposals from Congress to mandate board-level responsibility for algorithmic decisions—akin to Sarbanes-Oxley compliance for financial disclosures.

• The Meta Pivot: Continuity or Change?

On October 28, 2021, Mark Zuckerberg announced that Facebook, Inc. would rebrand itself as Meta Platforms, Inc., ushering in what he described as a new era of digital connectivity: one centered on the metaverse. According to Zuckerberg, Meta’s new mission was to help “bring the metaverse to life” and fundamentally reshape how people interact across virtual spaces, digital commerce, entertainment, and work. The announcement was momentous not only because it signaled a dramatic shift in product vision and corporate identity, but also because it invited deeper questions about whether the company’s pivot represented a genuine strategic transformation—or a rebranding effort meant to deflect from mounting governance and ethical scrutiny.In the wake of growing criticism around misinformation, privacy violations, youth mental health, algorithmic bias, and political influence, the Meta pivot raised a crucial dilemma: was this a break from the past or a continuity of culture, leadership, and governance?

1. The Strategic Narrative – Repositioning Amid Crisis: From a business perspective, the Meta pivot was positioned as both visionary and inevitable. Facebook’s leadership described the metaverse as the “next frontier,” much like mobile computing had succeeded desktop computing a decade earlier. According to Zuckerberg, the company wanted to lead this next wave of technological transformation by developing immersive environments using virtual reality (VR), augmented reality (AR), 3D avatars, and social gaming.

The timing of the rebrand was telling. The announcement came just weeks after the release of the Facebook Papers, a massive whistleblower leak by former product manager Frances Haugen that exposed internal research showing the company’s harmful impacts across the globe—from destabilizing elections to harming adolescent well-being.Critics argued that the metaverse initiative, with its heavy investment in future-forward ideas, was a calculated distraction from the company’s unresolved ethical issues. As The Guardian reported, “Meta is not a clean break from Facebook’s past—it’s an expansion of its control over our future.”

1. Governance Structures Remain Largely Unchanged: Despite the sweeping scope of the company’s new vision, Meta’s governance model remained structurally identical to that of Facebook:

Mark Zuckerberg retained majority voting control, owning a supermajority of Class B shares.

He remained Chairman of the Board and Chief Executive Officer, concentrating both symbolic and operational power.

 The board composition, executive reporting structures, and shareholder rights did not significantly evolve.

In effect, the same leadership architecture that presided over Facebook’s most serious ethical failures was now tasked with shaping the future of the metaverse—a far more immersive, complex, and unregulated space.For many observers, this continuity of control raised red flags. If the company had failed to demonstrate accountability in managing two-dimensional content feeds, could it be trusted to govern an immersive virtual world with higher stakes for identity, privacy, and manipulation?

C. Meta’s Long-Term Bets and Capital Allocation

The pivot to Meta was not merely cosmetic. By 2023, the company had invested over $36 billion in Reality Labs, its metaverse-focused research and development division. These investments included:

Development of Oculus VR hardware

 Horizon Worlds (a social VR platform) AR interface development

Holographic projection, AI avatars, and spatial computing

Zuckerberg was transparent about the long-term nature of this bet. In earnings calls and shareholder meetings, he acknowledged that the metaverse might take 5 to 10 years to reach commercial viability.

This high-stakes, capital-intensive pivot raised governance questions:

  Were there adequate oversight mechanisms to evaluate progress and course correct?

Was the board capable of challenging Zuckerberg’s assumptions, or were they merely stewards of his vision?

Were investors given a real say in how billions in free cash flow were allocated to speculative projects?

These questions remained unanswered—reinforcing the sense that the Meta pivot reflected continuity in decision-making concentration more than a cultural or governance transformation.

D. Ethical Implications of the Metaverse

The ethical challenges that Facebook faced in managing content on a flat, screen-based interface were already formidable. The metaverse promised to amplify those challenges in new and unpredictable ways:

 Data privacy: Meta would have access to biometric information, eye-tracking data, and spatial movement.

Content moderation: In immersive environments, harmful speech could take the form of actions, gestures, or virtual violence.

 Youth safety: VR platforms lacked regulatory safeguards, exposing children to harassment or psychological manipulation.

Economic dependency: Meta’s vision included virtual real estate, labor markets, and digital currencies—domains that blend corporate control with quasi-governmental functions.

Yet, despite these expanded ethical frontiers, Meta had not implemented substantial reforms to its internal governance. It did not establish a standing ethics board, independent oversight mechanisms for metaverse development, or systemic impact reviews.

Instead, the company relied on the same self-regulatory model that had drawn sharp criticism for Facebook: internal policy teams, externally contracted moderators, and a reactive approach to public scandals.

1. The Oversight Board’s Limited Reach: The creation of the Facebook Oversight Board in 2019 had been touted as a model for ethical self-governance. But as Meta expanded into new domains, the Oversight Board’s jurisdiction remained narrow:

It could review specific content decisions, but not product design or algorithmic choices.  It had no formal say in metaverse governance, despite the enormous ethical implications.

This limitation underscored a deeper problem: Meta’s ethical oversight structures were retrofitted to existing products, not built into the architecture of future innovations.

For critics, this was a clear signal that Meta was repeating the same governance mistakes, applying yesterday’s accountability tools to tomorrow’s technologies.

2021. Shareholder Response and Market Confidence: Investors responded cautiously to the Meta pivot. While some appreciated the long-term vision, others expressed concern about the scale of capital being allocated to unproven In 2022–2023, Meta’s share price fluctuated sharply, with market capitalization falling below $500 billion at one point—down from over $1 trillion in 2021. Critics cited:

 Poor communication around metaverse benchmarks Lack of tangible user growth in Horizon Worlds Reputational overhang from Facebook’s legacy scandals

Despite this, Zuckerberg remained defiant. At a 2023 shareholder meeting, he stated: “We’re in this for the long haul. The metaverse is too important to be left to chance.”

Given Zuckerberg’s voting control, dissenting shareholders had no power to influence capital allocation or governance structures. This again reinforced the theme of continuity: visionary ambition paired with centralized authority and minimal external accountability.

1. Continuity of Culture, Not Just Control: Beyond formal structures, the Meta pivot also represented a cultural continuity with Facebook’s The emphasis on speed, experimentation, and disruption remained intact. The company continued to promote an internal narrative of boldness, resilience, and world-changing ambition.what did not significantly change was:

The deprioritization of risk assessment in early product design.  The absence of built-in ethical audits for emerging technologies.

The conflation of user growth with user well-being.

Zuckerberg’s control meant that even with a new name and strategic direction, the values, incentives, and governance culture of Facebook remained deeply embedded in Meta’s DNA.

2.2 Board of Directors Composition

Any examination of Facebook’s governance must begin with the boardroom—where, in theory, oversight, accountability, and strategic stewardship converge. Over the course of its evolution into Meta, the company maintained a board of directors that was both accomplished and, in some respects, emblematic of the contradictions inherent in founder-led governance.On paper, Facebook’s board was a microcosm of Silicon Valley’s elite: seasoned executives, venture capitalists, and prominent public figures with deep experience in technology, media, and finance. Yet despite their credentials, the board’s capacity to check executive power was structurally constrained. In practice, the board functioned less as a counterweight to Mark Zuckerberg and more as a circle of advisers whose authority derived from—and was ultimately subordinate to—his singular control.This dynamic is essential to understanding how the board evolved, how it operated, and why it struggled to prevent or mitigate the company’s most significant ethical crises.

2.2.1 The Founding Era: The Tight-Knit Inner Circle

When Facebook was still a private company, the board was small and deeply intertwined with the company’s earliest investors and mentors.

1. Peter Thiel: Co-founder of PayPal and an early investor whose backing gave Facebook credibility among venture capitalists.
2. Jim Breyer: Managing partner at Accel Partners, the firm that led Facebook’s Series A funding

• Marc Andreessen: Co-founder of Netscape and Andreessen Horowitz, a prominent advocate for Zuckerberg’s vision.

These directors played a critical role in shepherding the company through its formative years. They provided guidance on scaling infrastructure, navigating competitive threats, and managing rapid user growth. But they also reinforced a culture that centered Zuckerberg’s instincts above all else.Indeed, Zuckerberg’s consolidation of control was no secret. The early board recognized his primacy and endorsed the dual-class share structure as an explicit mechanism to protect his influence. In effect, the board’s composition and philosophy were designed to enshrine founder-led decision-making as the company’s core operating principle.

2.2.2 Board Composition at IPO: A Blueprint for Control

Facebook’s 2012 IPO marked a turning point in its public accountability—but not in its internal governance. At the time of going public, the board consisted of:

1. Mark Zuckerberg (Chairman and CEO)
2. Sheryl Sandberg (COO)

• Erskine Bowles (Former White House Chief of Staff)

1. Reed Hastings (CEO of Netflix)
2. Marc Andreessen
3. Donald Graham (CEO of The Washington Post)

• Peter Thiel
• James Breyer

This lineup reflected a blend of operational executives, independent directors, and venture capital representatives. On the surface, it appeared well-balanced. In practice, several characteristics limited its independence:

• Board members owed their seats in large part to Zuckerberg’s
• His majority voting power guaranteed their
• Longstanding personal relationships shaped interactions and

Reed Hastings, for example, was widely respected as an independent voice. But even he acknowledged the challenge of counterbalancing Zuckerberg’s influence. Over time, observers noted that directors frequently deferred to Zuckerberg’s judgment, especially on product strategy and growth priorities.

2.2.3 The Evolution of Board Membership (2012–2022)

As Facebook transitioned into Meta, the composition of the board evolved. Some long-serving directors, such as Donald Graham and Erskine Bowles, stepped down. New directors joined, including leaders with backgrounds in finance, technology, and public service:

1. Peggy Alford: EVP at PayPal, bringing payments and fintech
2. Tracey Travis: CFO of Estée Lauder, adding financial and operational

• Tony Xu: CEO of DoorDash, representing the next generation of tech

1. Nancy Killefer: Former senior partner at McKinsey &
2. Robert Kimmitt: Former U.S. Deputy Secretary of the Treasury.

By 2022, the board had expanded to include more gender and professional diversity. However, the central dynamic remained unchanged:

Zuckerberg retained ultimate voting control. He held both the CEO and Chairman roles.

No director could be appointed or removed without his consent.

This arrangement placed structural limits on the board’s power to act independently, particularly when controversies demanded robust scrutiny of leadership decisions.

2.2.4 The Role of Sheryl Sandberg

Perhaps no figure besides Zuckerberg himself shaped Facebook’s governance more than Sheryl Sandberg. As Chief Operating Officer, she was not only the architect of Facebook’s advertising juggernaut but also the company’s public emissary during crises.Sandberg was widely respected for operational discipline and political acumen. She played a pivotal role in recruiting board members, guiding investor relations, and managing regulatory engagements. Yet her dual role as both senior executive and board member created an inherent tension:

• As COO, she was accountable for delivering results and defending management
• As a director, she was expected to exercise oversight over the same

This duality sometimes limited her capacity to challenge Zuckerberg. While insiders described occasional disagreements, there is little evidence that Sandberg’s board presence materially constrained Zuckerberg’s strategic priorities.Her departure in 2022—after 14 years—was framed as an inflection point, but it did not substantively alter the company’s governance structure.

2.2.5 Independence and Tenure: A Mixed Record

While Meta’s board included respected leaders, questions persisted about their independence. Governance analysts measure independence not only by employment status but by tenure, relationships, and the practical willingness to dissent.

Key concerns included:

• Long Tenure: Several directors served for more than a decade, potentially compromising
• Personal Relationships: Early investors and allies maintained close ties to
• Limited Turnover: Despite evolving challenges, board refreshment was

Indeed, proxy advisory firms such as ISS frequently flagged the board’s independence as inadequate. In its 2021 Governance QualityScore, ISS gave Meta a high-risk rating, citing “a lack of effective checks on management.”

2.2.6 Committees and Their Roles

In theory, board committees represent one of the most important mechanisms through which directors exercise detailed oversight. They allow a board to delegate complex issues—such as financial compliance, compensation, and risk management—to smaller groups of directors with the time, expertise, and focus to conduct more thorough reviews.At Facebook—later Meta—the existence and operation of these committees were especially significant. As the company’s influence grew, the breadth of issues that required scrutiny expanded dramatically, ranging from financial reporting and data privacy to content moderation and geopolitical risk. While the board established multiple committees to address these challenges, the effectiveness of their work was often circumscribed by the same structural limitations that shaped the board as a whole: Mark Zuckerberg’s consolidated control and the culture of deference to management priorities.

The Audit & Risk Oversight Committee

Mandate and Functions: The Audit & Risk Oversight Committee is arguably the most critical board committee in any publicly traded corporation. Its core responsibilities typically include:

• Reviewing and approving financial statements and
• Overseeing the company’s compliance with applicable laws and
• Monitoring internal controls and audit
• Engaging with external auditors to ensure the integrity of financial
• Evaluating enterprise-level risks, including cybersecurity, fraud, and legal

At Meta, this committee carried additional significance because the company operated in over 100 countries, faced numerous regulatory jurisdictions, and generated revenues exceeding $100 billion.

Membership and Composition: The Audit Committee was composed of independent directors with extensive experience in finance and corporate governance. Over time, members included:

• Susan Desmond-Hellmann, former CEO of the Bill & Melinda Gates
• Nancy Killefer, former senior partner at McKinsey &
• Peggy Alford, EVP of Global Sales at PayPal, who brought expertise in payments and digital

Effectiveness and Criticism: While the committee maintained oversight of financial reporting, observers questioned whether it had sufficient visibility into emerging risks unique to platform companies, including:

• Systemic algorithmic
• Political disinformation
• Large-scale data privacy

For example, in the wake of the Cambridge Analytica scandal, regulators and journalists criticized the Audit Committee for not identifying or escalating concerns over how third-party developers accessed and monetized personal data.

The Compensation & Governance Committee

Mandate and Functions: The Compensation & Governance Committee has two primary areas of responsibility:

1. Compensation: Determining executive pay structures, incentive plans, equity grants, and performance
2. Governance: Reviewing board performance, evaluating director nominations, and advising on governance best practices.

At Meta, the committee faced a distinctive challenge: balancing competitive compensation for senior executives with public criticism over excessive pay in the face of repeated controversies.

Executive Compensation Dynamics: Mark Zuckerberg famously took a nominal $1 annual salary, a symbolic gesture aligning with other tech founders like Steve Jobs and Larry Page. However, this figure obscured significant expenses borne by the company on his behalf, including over $23 million in annual security costs, making him one of the most expensive CEOs to protect in corporate America.Other executives, including Sheryl Sandberg, received substantial compensation packages tied to performance and equity awards. The committee was responsible for setting these terms and disclosing them to shareholders in annual proxy statements.

Governance Responsibilities: In addition to pay, the committee reviewed governance policies, including:

• Board refreshment and succession
• Director independence
• Evaluation of shareholder

Criticism and Constraints: Proxy advisory firms such as ISS and Glass Lewis often flagged the committee’s governance function as insufficiently independent. Because Zuckerberg controlled the voting majority, no compensation or governance recommendations could be implemented without his assent. Critics argued that this dynamic diluted the committee’s leverage to effect structural reforms, including proposals to separate the roles of CEO and Board Chair.

The Nominating & Corporate Governance Committee

Mandate and Functions: This committee played a vital role in:

• Recommending candidates for election to the
• Assessing board composition, including diversity and skill
• Overseeing corporate governance guidelines and committee

Given Facebook’s rapidly evolving business, the committee was responsible for identifying directors with expertise in areas like privacy law, cybersecurity, and global policy.

Board Diversity and Refreshment: Under growing pressure from investors and civil society, the committee gradually improved the board’s diversity. By 2022:

• Women held four of nine board
• Directors came from sectors beyond technology, including consumer goods, consulting, and
• The board included leaders with more public policy

Effectiveness and Cultural Influence: While the committee succeeded in diversifying representation, it remained constrained by Zuckerberg’s control over nominations and approvals. As a result, its recommendations were advisory rather than determinative. Some critics described the nominating process as “founder-centric window dressing,” pointing out that new directors were still ultimately accountable to Zuckerberg’s preferences.

The Privacy Committee

Origins and Purpose: The Privacy Committee was a more recent addition to Meta’s governance structure, established after the 2019 settlement with the Federal Trade Commission (FTC). As part of that settlement— which included a historic $5 billion fine—Facebook agreed to create a dedicated board-level committee focused solely on privacy practices.

Mandate: Its duties included:

• Overseeing implementation of the FTC consent
• Reviewing internal privacy audits and compliance
• Evaluating the impact of product launches on user data
• Reporting regularly to the full

Challenges

While the creation of the Privacy Committee was an important step, it faced persistent questions about whether it possessed true independence and authority. For example:

• The committee’s reviews relied on information supplied by management teams under pressure to sustain
• Critics argued that privacy considerations remained subordinate to engagement
• The committee’s deliberations were largely confidential, limiting

The FTC itself later issued statements expressing concern that Meta’s privacy governance reforms were inadequate to address systemic data risks.

Committee Dynamics and Cross-Committee Coordination: At large companies, board committees are expected to collaborate, especially on issues that straddle their mandates. For Meta, topics like algorithmic design, content moderation, and political advertising required coordinated oversight. However, observers noted persistent siloing of information, where committees operated in parallel rather than integrating perspectives.

Rarely, however, did committees undertake holistic reviews of how business models, product incentives, and regulatory exposures interrelated.This fragmentation often resulted in reactive rather than proactive

governance, as crises like Cambridge Analytica demonstrated. Despite multiple committees nominally responsible for risk oversight, no single body synthesized early warning signs into actionable reforms.

Committee Charters and Accountability: Each committee operated under formal charters—legal documents outlining their responsibilities and authorities. These charters were disclosed in annual proxy statements. However, governance experts argued that charters alone were insufficient without the power to challenge management decisions.

A telling example:

• In shareholder proposals calling for an independent risk oversight committee with binding authority to review product design, Meta’s board consistently recommended votes against, citing existing committee structures as adequate.
• These proposals were defeated due to Zuckerberg’s majority voting

This outcome underscored a central critique: while Meta had the appearance of modern committee governance, the ultimate authority rested with a single executive.

2.3 The Dual-Class Share Structure

Among all of Facebook’s governance features, none has been more influential—or more controversial—than its dual-class share structure. Conceived as a shield to protect founder control and long-term vision, this model ultimately became the most powerful mechanism shaping the company’s strategic direction, limiting shareholder influence, and constraining the board’s capacity to provide genuine accountability.Understanding how this system works, why it was adopted, and what consequences it has produced is essential to any comprehensive examination of Facebook’s governance.

2.3.1 What Is a Dual-Class Share Structure?

A dual-class share structure is a special way of dividing company ownership and voting power. Instead of giving every shareholder the same rights, the company creates two (or sometimes more) kinds of stock, each with different levels of influence over decision-making.Here’s how it typically works:

• Class A shares are sold to regular investors on the stock Each Class A share comes with one vote.
• Class B shares, on the other hand, are usually reserved for the founders, early executives, or Each Class B share often carries ten votes or more.

This means that the people holding Class B shares have many times more voting power per share than the public shareholders. A dual-class system allows a founder to keep tight control of the company, even as they sell off large portions of their economic ownership to raise money. For example, if a founder owns 15% of all shares, but they are Class B shares, they might still control over 50% of the total votes. This gives them the final say in:

• Who sits on the board of directors
• Whether to approve mergers or acquisitions
• How the company responds to shareholder proposals
• Long-term strategic plans

This system has become common in technology companies because founders often believe they need protection from what they see as the short-term focus of Wall Street investors. They argue that if they were forced to please shareholders every quarter, they would not be able to take big risks or stick to their mission over the long run.Critics point out that dual-class structures can weaken accountability. Since founders can never be outvoted, it is much harder for other shareholders or even the board of directors to force changes if something goes wrong. As a result, decisions—good or bad—ultimately rest in the hands of just a few powerful individuals.

Facebook adopted this exact system when it went public. From the very beginning, Mark Zuckerberg and a small group of insiders held Class B shares with ten votes per share, while everyone else held Class A shares with only one vote per share. This arrangement gave Zuckerberg almost complete control over the company’s direction, no matter how much public money was invested.

2.3.2 Facebook’s Implementation

When Facebook prepared to go public in 2012, the company and its advisors faced a defining question: How could they raise billions of dollars from public investors without surrendering control of the business Mark Zuckerberg had built? Their answer was to create a dual-class share structure specifically designed to preserve Zuckerberg’s authority, no matter how large Facebook became or how many shares were sold on the open market. This decision was not made in a vacuum—it reflected a broader trend in Silicon Valley that elevated the founder’s role to near-mythic status.

Here’s how the system was implemented in detail:

Class A Shares: These were the ordinary shares offered to the public when Facebook listed on Nasdaq.

• Each Class A share carried one vote per
• Institutional investors—mutual funds, pension funds, and individuals—bought these shares to participate in Facebook’s growth.
• While these investors collectively owned the vast majority of the company’s economic value, they held only a minority of the votes.

In most traditional companies, all shares are Class A shares, so ownership and voting power are directly proportional. But at Facebook, this was deliberately not the case.

Class B Shares: Class B shares were a special category reserved for insiders—founders, early employees, and pre-IPO investors who were loyal to Zuckerberg’s vision.

• Each Class B share carried ten votes per share, giving it ten times the influence of a Class A
• The Class B shares were not traded on the open market; they could only be transferred under strict conditions, typically to other insiders or to Zuckerberg himself.
• This meant that even as Facebook sold billions in shares to the public, Zuckerberg’s control would remain undiluted.

At the time of the IPO:

Zuckerberg personally held about 28% of the company’s total shares.

Because nearly all of these shares were Class B, he controlled approximately 57% of the voting power.

This 57% control effectively meant that no shareholder proposal, board nomination, or strategic change could succeed without his approval.

A Formal Entrenchment of Control

While Facebook’s dual-class system was framed as a protective measure—preserving long-term strategic focus—it also became a legal mechanism to entrench Zuckerberg’s dominance in perpetuity.The company’s IPO filings were explicit about this. In Facebook’s S-1 registration statement, it stated:

“Mr. Zuckerberg will control a majority of our outstanding voting stock and therefore will be able to control all matters submitted to our stockholders for approval.”

This was not simply a theoretical right. In practice, it gave Zuckerberg the ability to:

• Decide who sat on Facebook’s board of
• Approve or block any acquisition, merger, or
• Override shareholder resolutions on governance reforms, such as appointing an independent board chair or changing voting structures.
• Dictate strategic priorities, from investments in artificial intelligence to the pivot to the

Even if all other shareholders voted unanimously for a different path, Zuckerberg’s voting power would prevail.

Governance Philosophy Embodied in Structure: The design of this share system reflected a philosophy that Zuckerberg articulated many times: Facebook was not just another tech company—it was a mission-driven enterprise.Zuckerberg and his advisers argued that if control were diluted, Facebook might become beholden to short-term investors demanding quarterly profits at the expense of innovation or social impact. They believed this could prevent the company from making long-term bets—like acquiring Instagram, investing in virtual reality, or pursuing ambitious plans to connect the developing world.

In a letter included in Facebook’s IPO prospectus, Zuckerberg wrote:“We don’t build services to make money; we make money to build better services.”

This statement captured the essence of why the dual-class system existed. The belief was that only with strong founder control could Facebook pursue what Zuckerberg saw as its higher purpose, unimpeded by the fluctuations of the stock market or activist shareholder campaigns.

Comparative Context: Facebook and Its Peers: Facebook was not alone in adopting this structure. Other Silicon Valley giants had similar systems:

• Google (Alphabet) went public with a dual-class system that gave founders Larry Page and Sergey Brin special voting rights.
• Snapchat took this approach even further, issuing shares with zero voting rights to public
• LinkedIn and Square both used structures that concentrated voting power among

What made Facebook’s implementation notable was its scale and permanence:

• It was one of the largest IPOs in history, raising $16 billion.
• It went public while making no concession to shareholder
• It established a governance precedent that would influence other tech IPOs for

Enduring Power After IPO: After Facebook went public, many observers assumed that over time—through share dilution, sales by early investors, or internal governance evolution—Zuckerberg’s control would naturally wane. But the company made careful provisions to prevent this.

• Transfer Restrictions: Class B shares could not be sold If an insider sold them, they automatically converted to Class A shares with lower voting power.
• Protective Provisions: In the event of death or incapacity, Zuckerberg’s shares could be voted by a designated trustee, ensuring continued alignment with his vision.
• Voting Agreements: Early investors agreed to vote their shares consistently with Zuckerberg on key

As a result, even as Facebook grew into Meta and issued more equity compensation to employees,

Zuckerberg’s effective control remained steady.

Facebook’s dual-class share system was not a temporary expedient. It was a deliberate, foundational decision designed to institutionalize the founder’s authority indefinitely.While this model arguably allowed the company to make bold moves and maintain strategic focus, it also ensured that governance remained fundamentally unbalanced—shielding leadership from the checks and balances that typically define public companies.

This design remains the most distinctive—and controversial—feature of Meta’s governance to this day.

2.4 Internal Controls and Management Hierarchy

Any comprehensive understanding of Meta’s governance must look beyond formal voting structures and board committees to the internal controls and day-to-day management hierarchy that shape how decisions are made, policies are enforced, and crises are navigated.While the company has always emphasized the sophistication of its systems and processes, the reality is that Facebook—and later Meta—developed an organizational culture where power was highly centralized, cross-functional checks were often reactive, and the boundaries between operational priorities and ethical responsibilities were blurred.

2.4.1 The Centrality of the CEO

At the heart of Facebook’s internal controls was the unusually concentrated authority of Mark Zuckerberg himself.

Unlike many tech companies that gradually transitioned to more decentralized leadership as they matured, Facebook retained a structure in which the CEO not only set the overall strategy but also drove product development priorities, resource allocation, and major cultural norms.

This model was shaped by two factors:

1. Zuckerberg’s founder status and dual-class voting power, which allowed him to make decisions insulated from shareholder or board opposition.
2. The company’s belief that rapid product iteration required streamlined, founder-driven leadership rather than bureaucratic deliberation.

Former employees often described Facebook as a place where, ultimately, “everything rolled up to Mark.” Even in 2025, despite the immense scale of Meta’s operations, this dynamic remained largely intact.

2.4.2 The Role of the Chief Operating Officer

From 2008 until her departure in 2022, Sheryl Sandberg was Zuckerberg’s most important counterpart. As Chief Operating Officer, she oversaw:

• Sales and advertising operations
• Policy and communications
• Business development
• Human resources

Sandberg’s arrival brought much-needed operational discipline and maturity to the company. She professionalized revenue generation, building what would become the most powerful targeted advertising business in history. She also managed key regulatory relationships during Facebook’s early controversies.Yet this centralization of commercial and policy functions under a single executive created trade-offs:

• The advertising priorities sometimes conflicted with user privacy.
• Policy decisions, such as content moderation, were shaped by commercial

After Sandberg left, her role was restructured and distributed among several senior leaders, but no single executive held the same unifying influence, reinforcing Zuckerberg’s centrality.

2.4.3 Management Hierarchy and Reporting Lines

Meta’s organizational chart has always been large and complex. As of 2025, it includes tens of thousands of employees across business units such as:

• Facebook (the social platform)
• Instagram
• WhatsApp
• Reality Labs (metaverse and VR initiatives)
• Messenger
• Workplace (enterprise collaboration)

These divisions report up through functional leaders in:

• Product
• Engineering
• Legal and Policy
• Finance
• Operations
• Marketing

At the highest level, the executive leadership team (often referred to internally as the “M-Team”) consists of:

• Chief Product Officer
• Chief Technology Officer
• Chief Financial Officer
• Chief Legal Officer/General Counsel
• Chief Privacy Officer
• Heads of the major platforms (e.g., Instagram and WhatsApp)

This team meets regularly to align business objectives and review critical metrics.Zuckerberg retains the final say on major decisions, especially product roadmaps, capital allocation, and organizational priorities.

2.4.4 Risk Management Functions

One of the most persistent criticisms of Facebook’s internal controls has been the reactive nature of its risk management functions.The company does maintain dedicated teams for:

Trust and Safety – overseeing content moderation policies, coordinating with fact-checkers, and responding to platform abuse.

Data Privacy – implementing compliance with regulations such as GDPR and the FTC consent decree.

Security – protecting against hacking, account breaches, and nation-state interference.

Internal Audit – reviewing operational controls and compliance adherence.Despite their existence, these teams have historically operated with limited authority to challenge or override product teams when conflicts arose between growth and safety.For example:

• Internal documents from the Facebook Papers revealed that when the Civic Integrity team flagged misinformation risks, their recommendations were often deprioritized to avoid dampening
• Privacy engineers warned about excessive data collection, but commercial considerations took

While the company has made incremental improvements—especially post-2020—critics argue that the core incentive structures still favor growth over risk minimization.

1.4.5 Legal, Policy, and Communications

The Legal and Policy organization has grown into a massive global operation, encompassing:

• Regulatory affairs in every major market
• Government relations and lobbying
• Internal investigations
• Crisis communications

During the Cambridge Analytica scandal and the antitrust investigations, the Legal and Policy teams were the main interface between the company and regulators.Former executives have described a culture where legal compliance was often treated as a box-checking exercise, rather than a genuine commitment to transparent governance.In 2021 and 2022, Meta reorganized its policy functions to give them more autonomy, but even then, policy teams remained subordinate to product leadership in the management hierarchy.

2.4.6 The Privacy Program Post-FTC Settlement

The 2019 settlement with the FTC imposed sweeping requirements on Facebook’s privacy program, including:

• Establishing a Privacy Committee at the board level
• Appointing compliance officers personally accountable to regulators
• Conducting quarterly privacy reviews
• Documenting privacy impact assessments for all new products

This was an unprecedented level of regulatory oversight, and in the years that followed, Meta invested heavily in compliance infrastructure.

Independent assessments have questioned the cultural transformation:

• A 2022 whistleblower complaint alleged that data systems remained too fragmented to fully
• The Irish Data Protection Commission fined Meta for GDPR breaches as recently as
• Privacy advocates continue to argue that the management hierarchy has not fully empowered privacy professionals to veto risky practices.

2.4.7 The Metaverse Organization

One of the most consequential shifts in Meta’s management hierarchy was the elevation of Reality Labs, the division responsible for metaverse products.As of 2025:

• Reality Labs employs over 20,000
• The division reports directly to Zuckerberg, bypassing many traditional management
• It commands enormous capital investment—over $40 billion in cumulative

This structure effectively creates a parallel power center within Meta. Insiders describe it as a “company within a company,” but ultimately, strategic decisions still funnel through Zuckerberg himself.While the metaverse initiative has been framed as transformative, it has also faced internal and external scrutiny for:

• Burning cash without clear revenue justification
• Privacy risks from biometric data
• A lack of clarity about content moderation in immersive environments

Once again, the hierarchy reflects a familiar pattern: concentrated control, limited dissent, and a high tolerance for risk in pursuit of strategic ambition.

2.4.8 Crisis Management Processes

Meta has formal processes for managing reputational crises. These include:

• Cross-functional “War Rooms” that bring together policy, comms, legal, and product
• Rapid escalation procedures to senior
• Pre-approved playbooks for content takedowns and public

Yet critics argue that these processes are still reactive rather than proactive. Over and over, the company has faced the same critique: issues only receive sustained attention after they have become public controversies.Examples include:

• The delayed response to COVID-19
• Failure to act swiftly on coordinated harassment
• Repeated internal studies that were ignored until leaked to the

2.4.9 The Persistence of Founder-Centric Culture

Perhaps the most striking feature of Meta’s internal controls, even as of 2025, is how little the cultural dynamic has changed:

1. Product teams are given enormous latitude to experiment and ship
2. Incentives remain strongly tied to engagement and
3. Risk management, privacy, and ethics functions exist but are structurally weaker than the product

In interviews, current and former employees frequently point out that Mark Zuckerberg still plays the decisive role in prioritizing which risks to accept and which to mitigate.

While Meta has expanded its compliance programs and improved documentation, the underlying philosophy—

move fast, take big bets, trust founder instincts—remains remarkably consistent.

2.5 Governance Policies and Charters

Governance policies and charters serve as the formal scaffolding of any corporation’s accountability. They set out the rules, principles, and expectations for how the board and management should operate, how conflicts are managed, and how responsibilities are delegated.At Meta, these policies have evolved incrementally in response to regulatory settlements, public scandals, and the company’s growing role as a global infrastructure platform. Yet a recurring theme emerges: while the language of these policies often reflects best practices, the practical enforcement and cultural integration of these rules have been uneven.

2.5.1 The Corporate Governance Guidelines

Like most public companies, Meta maintains formal Corporate Governance Guidelines, first adopted around the time of Facebook’s IPO in 2012. These guidelines are intended to codify the board’s operating procedures and expectations.Among other provisions, they cover:

• Director Responsibilities:

Directors are expected to exercise independent judgment, oversee management, and represent the interests of all shareholders.

• Board Composition:

Guidelines call for a majority of independent directors and periodic assessment of skills and diversity.

• Board Committees:

The document outlines the purpose and responsibilities of the Audit, Compensation, Nominating, and Privacy Committees.

• Annual Evaluations:

The board is supposed to conduct self-assessments and reviews of committee effectiveness.

While these guidelines check all the boxes of modern governance, observers have often noted that they function primarily as symbolic assurances rather than enforceable guardrails. For example:

• Directors are “expected” to exercise oversight, but with Zuckerberg’s controlling stake, their leverage is inherently limited.
• Annual evaluations occur, but their findings are not routinely disclosed or tied to

2.5.2 Committee Charters

Each board committee at Meta maintains a separate charter, detailing its authority, composition, and reporting obligations.The Audit & Risk Oversight Committee Charter spells out duties such as:

• Overseeing financial
• Monitoring compliance with laws and
• Assessing major risk

The Compensation & Governance Committee Charter specifies responsibilities like:

• Setting executive
• Evaluating director
• Recommending governance

The Privacy Committee Charter, established after the 2019 FTC settlement, obligates the committee to:

• Review quarterly privacy
• Oversee compliance with data protection
• Report findings to the

2.5.3 The Code of Conduct

Meta’s Code of Conduct, updated periodically (most recently in 2024), applies to all employees, officers, and directors. It is designed to articulate the ethical and legal standards that guide day-to-day decisions.

1. Compliance with laws and
2. Prohibitions on conflicts of
3. Expectations for honesty, respect, and
4. Guidelines for reporting concerns (whistleblower protections).

Employees are required to complete annual training and attest to understanding the Code. However, multiple high-profile whistleblower disclosures—especially the Facebook Papers—have shown that adherence to the Code is uneven.Former employees have described:

• Reluctance to challenge questionable practices because of fear of
• A culture where “grey areas” were tolerated in pursuit of
• Perceptions that enforcement varied depending on an employee’s

2.5.4 Conflict of Interest Policy

Meta’s Conflict of Interest Policy requires directors and employees to avoid situations where personal interests could conflict with company interests. This includes:

• Financial investments in competitors or
• Personal relationships that affect decision-
• Outside employment or

All potential conflicts must be disclosed and reviewed by the General Counsel or the Audit Committee. Despite this policy, critics have argued that some conflicts are structural rather than incidental. For instance:

• Zuckerberg’s personal priorities (e.g., metaverse ambitions) often directly shape capital allocation without an independent counterweight.
• The dual role of COO and board member (Sheryl Sandberg’s case) created overlapping

These tensions underscore the limits of policy when structural governance power is concentrated.

2.5.5 Risk Management Policies

Meta maintains a suite of risk management documents addressing:

• Data security
• Privacy impact
• Crisis response
• Regulatory compliance

After the FTC settlement, these documents were updated to require:

• Quarterly certifications of compliance by designated
• Detailed documentation of how risks are evaluated in product
• Regular reporting to the Privacy

As of 2025, external regulators and watchdog groups continue to question the depth of these processes. A 2024 report by the Irish Data Protection Commission concluded:

“Meta’s internal documentation is extensive, but the operational culture does not yet reflect consistent risk aversion.”

This gap between policy and practice remains one of the company’s central governance challenges.

2.5.6 Political Activities and Lobbying Policy

Meta’s Political Activities and Lobbying Policy governs how the company engages with governments and political entities. It requires:

1. Disclosure of political
2. Annual reporting of lobbying
3. Adherence to local laws on campaign

This area has attracted significant criticism, particularly in Europe and the U.S., where lawmakers have accused Meta of using aggressive lobbying to stall or weaken regulation.For example:

• In 2021–2023, Meta spent over $40 million annually on federal lobbying in the S.
• The company was involved in campaigns to influence antitrust legislation and platform liability

Critics argue that while disclosures comply with legal obligations, the scale and strategy of Meta’s lobbying raise ethical questions about whether governance policies meaningfully constrain political influence.

2.5.7 Human Rights and Responsible Innovation Policies

In response to mounting global scrutiny, Meta adopted a Corporate Human Rights Policy and a Responsible Innovation Framework in 2021. These documents commit the company to:

• Respect human rights principles, including freedom of expression and
• Integrate human rights due diligence into product
• Evaluate potential impacts on marginalized

While these frameworks represent progress, implementation remains uneven. For instance:

• Content moderation policies still vary widely across
• Oversight Board decisions, while public, apply narrowly to specific cases rather than systemic

Independent researchers have noted that the Responsible Innovation Framework does not have the force of a binding constraint on how products are ultimately prioritized.

2.5.8 The Oversight Board Bylaws

One of the most novel elements of Meta’s governance architecture is the Oversight Board, an independent body that reviews select content moderation decisions.The Oversight Board operates under its own set of bylaws, which establish:

• The process for case
• Decision-making
• Transparency

Importantly, the board can issue binding decisions on specific content takedowns or reinstatements but can only make non-binding policy recommendations.While the Oversight Board has been celebrated as an innovation in platform governance, critics argue it is not a substitute for broader structural accountability. The bylaws limit its scope to content decisions, excluding questions of algorithmic amplification or commercial incentives.

2.5.9 Training and Enforcement Mechanisms

To reinforce compliance with all these policies and charters, Meta requires:

• Annual training for
• Specialized training for
• Certifications by
• Internal audits and reporting

Yet enforcement remains variable. Several incidents—including the Cambridge Analytica scandal and multiple data breaches—have shown that training and documentation alone are insufficient if incentives favor growth and engagement over caution.

Whistleblower accounts repeatedly describe internal resistance to elevating issues that could slow product launches or reduce user engagement.

2.6 Governance Evolution Post-Cambridge Analytica

Few events in Facebook’s history have been as defining—or as disruptive—as the Cambridge Analytica scandal. What began as an exposé of data harvested without user consent soon escalated into a global crisis, sparking public outrage, congressional hearings, regulatory investigations, and the largest fine ever imposed by the Federal Trade Commission (FTC) on a technology company.The fallout fundamentally altered the conversation about Facebook’s governance. It forced the company to acknowledge weaknesses in oversight and transparency and to promise sweeping reforms. But as this section shows, while there were significant structural

changes in policy, compliance, and public engagement, the deeper tension—a culture built around growth, central control, and reactive accountability—remained stubbornly resistant to transformation.

2.6.1 The Crisis Unfolds

In March 2018, investigative journalists at The Guardian and The New York Times revealed that Cambridge Analytica—a political consulting firm linked to the 2016 Trump campaign—had harvested data from tens of millions of Facebook users without their informed consent.Although Facebook had known since 2015 that data was being misused, it had opted for a quiet legal settlement with the firm rather than public disclosure. When the scandal broke, it ignited a firestorm:

• Regulatory inquiries were launched in the US, UK, and
• The #DeleteFacebook campaign gained
• Mark Zuckerberg was called to testify before Congress in April
• Facebook’s share price fell nearly 20% in the months that

For many stakeholders, Cambridge Analytica became the symbol of Facebook’s governance failures: weak internal controls, an absence of proactive oversight, and a leadership culture that placed growth over user trust.

2.6.2 The FTC Settlement and Structural Reforms

One of the most consequential outcomes was the 2019 FTC settlement, which imposed:

1. A $5 billion fine—by far the largest privacy-related penalty ever
2. A requirement to create an independent board Privacy Committee.
3. Personal certification by Zuckerberg that Facebook was in compliance—meaning he could be held legally accountable for false attestations.
4. Enhanced reporting requirements, including quarterly privacy
5. Documentation and retention of privacy-related decisions for 10

This settlement represented the first major inflection point in Facebook’s governance structure. It forced the company to build formal systems of accountability that extended beyond voluntary pledges or self-regulation.

2.6.3 Expansion of Compliance and Privacy Teams

In response, Facebook dramatically expanded its compliance infrastructure:

• The privacy workforce tripled, adding lawyers, policy specialists, and engineers focused on GDPR and FTC mandates.
• A dedicated Chief Privacy Officer was appointed to oversee risk assessments and internal
• Product teams were required to complete privacy impact assessments before launching
• Senior management began quarterly reporting to the new Privacy

These investments signaled a shift from informal, product-led decision-making toward more procedural governance. But internal accounts suggest that compliance remained reactive, often constrained by the same incentives that had enabled the scandal in the first place.

2.6.4 Creation of the Oversight Board

In 2019, as the company faced intense pressure to prove it could self-regulate, Zuckerberg announced the formation of the Facebook Oversight Board, sometimes called the “Supreme Court of Facebook.”

Its mandate was narrow but unprecedented:

• Review specific content decisions appealed by
• Issue binding rulings on whether posts should be removed or
• Provide non-binding recommendations on broader

The board’s creation was hailed by some as a governance innovation—an external check on content moderation decisions. Others criticized it as a distraction that left more systemic issues, like algorithmic amplification and data collection, untouched.To this day, the Oversight Board remains one of the most visible symbols of Facebook’s governance evolution, though its remit is inherently limited.

2.6.5 The Rise of Risk Frameworks

Post-Cambridge Analytica, Facebook implemented more formal risk management frameworks:

• Product Risk Assessments became mandatory for features with potential social or legal
• The company adopted an enterprise-wide Risk Appetite Statement, outlining thresholds for data use, security, and regulatory compliance.
• New internal committees were tasked with reviewing strategic initiatives through a risk

These changes represented meaningful progress. Yet they also faced cultural resistance. Former employees have described an environment where risk was frequently viewed as an obstacle to growth—something to be “mitigated” on paper while proceeding with core strategies.

2.6.6 The Culture of Apology and Repeat Offenses

Between 2018 and 2021, Zuckerberg and other executives issued a series of public apologies:

• For data
• For platform manipulation by foreign
• For inadequate moderation of hate speech and

Each apology was accompanied by promises of reform and investment in safety. But critics noted that Facebook often cycled through the same pattern: a scandal, a promise of change, and then incremental adjustments without deeper cultural transformation.This cycle reinforced perceptions that while governance policies were evolving, accountability mechanisms remained fundamentally constrained by the founder’s dominance.

2.6.7 Changes in Leadership and Turnover

The years following Cambridge Analytica saw significant leadership turnover:

• General Counsel Colin Stretch left in
• Chief Security Officer Alex Stamos departed after clashing over
• Sheryl Sandberg announced her departure in 2022, marking the end of an

While some new leaders brought fresh perspectives, the centralization of strategic power persisted. This raised questions about whether personnel changes could meaningfully alter the company’s approach to governance and ethics.

2.6.8 The European Regulatory Push

Outside the United States, the Cambridge Analytica crisis energized regulators:

• The EU’s General Data Protection Regulation (GDPR) became a global
• Ireland’s Data Protection Commission levied fines exceeding €1 billion in aggregate by
• The Digital Services Act introduced new transparency and accountability
• The UK and Australia adopted stricter codes for platform

These measures forced Meta to further enhance documentation, audit trails, and user rights. But enforcement remained patchy, and compliance was often reactive.

2.6.9 Whistleblowers and Internal Resistance

Perhaps the most profound governance impact was the rise of employee activism and whistleblowing. Frances Haugen’s 2021 disclosures—“The Facebook Papers”—revealed internal research showing the company was aware of harm caused by its algorithms.

Haugen testified to Congress: “Facebook’s leadership knows how to make their platforms safer but won’t make the necessary changes because they have put their profits before people.”

Her testimony reignited calls for structural reform. Yet while the disclosures spurred public debate, they did not alter the governance model underpinning the company’s decisions.

2.6.10   Governance in 2025: Continuity and Change

As of 2025, Meta’s governance evolution is best described as a mixture of genuine improvement and enduring structural constraint:

1. More formalized compliance
2. Enhanced reporting and risk
3. Greater transparency and engagement with

But also:

1. Centralized power retained by
2. A cultural bias favoring growth and experimentation over
3. Board committees with limited authority to challenge strategic

This dual reality highlights the limits of governance reform when accountability depends on voluntary concessions rather than structural checks.

The Cambridge Analytica scandal marked the beginning of Meta’s long journey to rebuild trust and modernize governance. It forced the company to implement more robust policies, expand compliance, and engage in public dialogue about ethics.Yet for all these improvements, the deeper story is one of continuity: a governance structure built to preserve founder control, insulated from external pressures, and resistant to systemic change.