Meta’s $8bn lawsuit settled

Implications for directors in England to consider

Corporate23.07.20254 mins read

Key takeaways

Board oversight must match digital risks

Data governance failures can trigger major liability.

Directors’ duties are under the spotlight

English law demands proactive, documented compliance.

Shareholder action is a growing Threat

Poor governance may lead to personal legal claims.

Meta’s $8bn lawsuit settled: Implications for directors in England to consider

In a landmark development, current and former directors and officers of Meta Platforms Inc. (Meta) recently agreed to settle an $8 billion claim from shareholders that alleged serious governance failures by the board of directors. The shareholders had asked the judge to order the 11 defendants named in the case to reimburse Meta for more than $8 billion in fines and legal costs, which they say the company has had to pay in order to resolve claims of users’ privacy breaches. The shareholders were seeking $8 billion (circa £6 billion) in damages, however, it is unclear how much they actually agreed to settle for.

While the claim was brought under U.S. law, the allegations raise important questions about how similar conduct might be treated under the statutory framework for directors’ duties in England, and is a stark reminder of the duties which directors have to shareholders and the company.

The case against Meta’s board

The claim by Meta’s shareholders was filed in 2018, after it was revealed that data from millions of Facebook users was accessed by Cambridge Analytica, a political consulting firm that worked for President Donald Trump’s 2016 election campaign.

The shareholders alleged that Meta’s directors (including CEO Mark Zuckerberg and other high-profile board members) breached their fiduciary duties by:

  • Failing to enforce a 2012 Consent Order with the U.S. Federal Trade Commission (FTC) regarding user data privacy. The FTC fined Facebook (Meta’s previous name) $5 billion in 2019 after finding that it failed to comply with a 2012 agreement with the regulator to protect users’ data.

  • Overlooking or ignoring red flags about data misuse.

  • Causing the company to incur billions of US dollars in regulatory fines and reputational damage.

The settlement announced on 17th July 2025, one of the largest of its kind, was reached without any admission of wrongdoing. However, it has reignited global discussions about board accountability in the digital age.

Directors’ duties under English law

In England, directors’ responsibilities are codified in the Companies Act 2006, which sets out seven core duties of directors:

  1. Act within powers (s.171)

  2. Promote the success of the company (s.172)

  3. Exercise independent judgment (s.173)

  4. Exercise reasonable care, skill and diligence (s.174)

  5. Avoid conflicts of interest (s.175)

  6. Not accept benefits from third parties (s.176)

  7. Declare interest in proposed transactions (s.177)

These duties are owed to the company, and breaches can give rise to personal liability, including through derivative claims brought by shareholders on behalf of the company.

How could this impact directors under English company law?

If a similar scenario occurred with respect to a company in England, it is possible that several duties of the directors would come under scrutiny including the following:

  • Section 174 (duty to exercise reasonable care, skill and diligence): A failure to implement or monitor effective data governance systems could be seen as a breach of this duty to exercise reasonable care, skill, and diligence.

  • Section 172 (duty to promote the success of the company): Directors who allow practices that expose the company to regulatory sanctions and reputational harm may be found to have failed in their duty to promote the company’s long-term success.

  • Section 175 (duty to avoid conflicts of interest): If any director had undisclosed interests in third-party data arrangements, this could trigger a breach of the duty to avoid conflicts of interest.

Key takeaways for directors in England

The Meta case offers a cautionary tale for directors, particularly in sectors where data protection, regulatory compliance, and reputational risk are paramount. Directors should consider the following:

  • Ensure that the company’s compliance and risk management systems are robust and regularly reviewed.

  • Maintain clear records of board deliberations, especially where risks are identified and mitigated.

  • Directors must not rely solely on management assurances; they should ask probing questions and seek independent advice where necessary.

Conclusion

While the Companies Act 2006 provides a comprehensive framework for directors’ duties, enforcement often depends on shareholder vigilance and judicial interpretation. The Meta settlement underscores the importance of proactive governance and the potential consequences of board inaction.

At Hill Dickison, we advise directors and companies on navigating their legal obligations and mitigating governance risks. If you would like to discuss how these issues may affect your board or business, please get in touch with our Corporate team.

Your content, your way

Tell us what you'd like to hear more about.

Preference centre