“Are you a monopoly?”
U.S. Senator Graham asked billionaire Mark Zuckerberg that question when the CEO and chairman of Facebook testified last month. Facebook’s Cambridge Analytica scandal may have prompted the current clash between American lawmakers and the world’s biggest social network, but the real fight starts this month as the General Data Protection Regulation of the European Union comes into force. Still, just like Senator Graham, the GDPR misses the heart of Facebook’s privacy nightmare.
Zuckerberg, not Facebook, is the monopoly.
His corporate dominance is uncommon for large American public companies. Startup founders traditionally see their ownership diluted throughout the funding life cycle. But Zuckerberg has kept 60% of voting rights in Facebook. He can single-handedly select members of the board of directors and has the last say on the overall strategy and management of the company.
The public got a taste of Zuckerberg’s monopolistic practices last May. He announced the sale of 99% of his financial claim in his “baby,” which under a standard corporate governance model would have made his stake in Facebook negligible. But what seemed like a concession at first turned out to be a masterful plan to retain voting rights in the ongoing battle over shareholder control. Zuckerberg’s grabbed power through the issuance of a new class of shares, termed “C” shares. This new stock structure would have consolidated Zuckerberg’s ruling with no dollar downside, leaving most market risk at the hands of minority shareholders.
Not surprisingly, the new stock structure did not win the support of investors. They filed a lawsuit. But by the time Zuckerberg had to appear in court, his ownership concentration had increased to such levels that there was no need to execute his masterful “C” plan anymore. He successfully avoided confrontation this time around, but this would not be the last investor clash.
More recently, the Cambridge Analytica case ended in the filing of several other lawsuits after the personal data of over 87 million individuals was compromised. In Europe, the new GDPR would charge Facebook a 4% annual global revenue fine for not notifying users about the data negligence. In the U.S., however, 37 U.S. state attorneys signed a letter asking him to speak up, to become transparent about his wrongdoings. And he did. “It was my mistake.” “I’m sorry.” “I’m responsible for what happens here.”
But who keeps Mark Zuckerberg in check?
No one. The trade-off between wealth and control is called the Founder’s Dilemma. USC Professor Noam Wasserman found, from a sample of 212 American startups, that by the time new ventures are three years old, half of their founders were no longer CEOs. Many of those CEOs traded the command of their company for wealth; others were forced out after amassing their fortunes. But not only won’t Zuckerberg leave, he cannot be ousted either.
As a business student at Dartmouth and a policy student in Zuckerberg’s alma mater, I take offense at the way he is bypassing decades of progress made in corporate governance best practices. According to the 2017 Spencer Stuart U.S. Board Index, 85% of S&P 500 companies have a majority of independent directors in their boards. This trend is beneficial both for the companies and for global financial systems in the distribution of risk. Yet Facebook’s board is far from gaining even any small trace of independence: Zuckerberg has the formal authority to single-handedly choose—and dismiss—each and every director.
In other tech giants, it is the CEO—not the board—that is at risk for ousting. Groupon founder Andrew Mason, for example, was fired by his board during an inflection point in the company’s history. In his resignation letter he wrote: “I’ve decided that I’d like to spend more time with my family. Just kidding – I was fired today. If you’re wondering why… you haven’t been paying attention.” Even famous founders like him have to abide by board decisions: Steve Jobs at Apple, Rob Kalin at Etsy, Travis Kalanick at Uber. Their boards had the competency to objectively evaluate them in the face of underperformance or reputational loss. But by Zuckerberg’s design, Facebook’s board doesn’t have the independence to do so.
Facebook’s mismanagement of data privacy is only a symptom of its corporate dictatorship. And the GDPR alone won’t solve it.
The tech company must embed accountability standards in its corporate governance principles and put a halt to Mark Zuckerberg’s monopoly. To ensure the independence of Facebook’s board, the roles of CEO and chairperson should be separated and a nominating committee with independent directors proposed by minority shareholders—the 40%—should be created. Only then will Facebook’s board be able to make Mark Zuckerberg face the consequences of his mistakes.
Or let him go.
First published in EurActiv on May 21st 2018.