Technology companies in investor crosshairs

Several large technology companies faced increased scrutiny from institutional investors on issues ranging from board diversity and independence to voting structures, content-management enforcement and risk management at recent annual meetings.

There were some immediate shareholder victories. At Facebook Inc.'s annual meeting May 31, Chief Operating Officer Sheryl Sandberg announced the company was establishing a policy to consider diverse candidates for vacant director positions. Amazon.com Inc. officials made a similar announcement in the days leading up to its May 30 shareholder meeting.

Whether companies will adopt the other governance changes investors seek, however, remains to be seen. Along with Facebook and Amazon, annual shareholder meetings for Twitter Inc., Alphabet Inc. (the parent company of Google), and Tesla Inc. all took place within the past two weeks.

At Twitter, a shareholder proposal requesting the company report on how it enforces its terms of service to prevent election interference, fake news, hate speech and sexual harassment from being posted to its platform was supported by 36% of shareholder votes. The non-binding proposal required a majority vote to pass.

At Facebook, where CEO and Chairman Mark Zuckerberg controls about 60% of the voting rights, the same proposal was supported by 10% of total votes. New York state Comptroller Thomas DiNapoli's office estimates at least 40% of non-management votes supported the proposal. At Alphabet, the proposal was supported by 13% of total votes. Alphabet, like Facebook, has a dual-class share structure.

In the proposals at Facebook, Twitter and Alphabet, the filers — Mr. DiNapoli, sole trustee of the $206.9 billion New York State Common Retirement Fund, Albany, and Arjuna Capital — pointed to the global controversies the companies faced over reported election interference, the dissemination of "fake news" and hate speech, among other issues. The investors, who describe the companies' current content policies as "reactive, not proactive," expressed concern that failure to proactively address these issues poses "regulatory, legal and reputational risks to shareholder value."

The proposals were filed ahead of the March revelation that Cambridge Analytica, a data-mining company that was a digital consultant to Donald Trump's 2016 presidential campaign, harvested the personal data of about 87 million Facebook users. New York State Common held 6.7 million shares in Facebook, 1.4 million shares in Twitter, and 1.8 million shares in Alphabet, valued at $1.3 billion, $47.9 million and $2 billion, respectively, as of May 31.

Spokesmen for Twitter and Alphabet declined to comment on the results of their annual meetings. In its proxy statement, Twitter opposed the content governance report, arguing the report was unnecessary in light of its current practices and transparency, and expressed concern that expanded disclosure could "reduce the effectiveness of (its) safety efforts by providing a road map for ... bad actors."

Alphabet also said in its proxy statement that a report was not necessary given its previous work in this area and its commitment to do more and keep the public informed about its efforts.

A Facebook spokeswoman declined to comment on the content governance proposal but pointed to a transparency report, Facebook's website and Securities and Exchange Commission filings as sources of information on the company's efforts.

Patrick Doherty, director of corporate governance in Mr. DiNapoli's office, said June 6 that the comptroller's office anticipates refiling the proposals for consideration at the 2019 meeting if Twitter, Facebook and Alphabet do not comply with the comptroller's request for reports on the efficacy of their content management enforcement.

Data privacy issues played a role in the Florida State Board of Administration's support of a shareholder proposal calling for Facebook to report on the merits of establishing a risk oversight committee.

Jacob Williams, corporate governance manager at the Tallahassee-based board, said the FSBA doesn't always support proposals requesting formation of specific board committees, but in this instance felt it was appropriate.

"As it (has) played out in a lot of headlines, Facebook's historical policies of sharing user data with third-party apps, foreign and domestic companies, and device manufacturers have created high risk outcomes," he said. "The need for ongoing safeguards of user data and oversight of potential risks to the company's business model seem to justify a company report on the merits of adding a risk oversight committee."

The risk oversight proposal, brought by Trillium Asset Management, also was filed ahead of the Cambridge Analytica revelation. Open Mic, a non-profit that works with investors on corporate accountability issues at technology companies, estimated that nearly 50% of outside investors supported the risk oversight proposal.

For another year, the Florida board — which oversees the $167 billion Florida Retirement System and held 4.1 million shares in Facebook valued at $792.8 million as of May 31 — supported a shareholder proposal to change voting at Facebook to one share/one vote.

Mr. DiNapoli's office estimates the 2018 one share/one vote shareholder proposal was supported by a majority of outside investors just as it was in 2017. As in previous years, Facebook defended its current capital structure in its proxy statement, arguing it "insulates" the board and management from short-term pressures and allows them to focus on the company's mission and long-term success. The board also already spends a significant amount on risk oversight matters, the company said in the filing.

While it is not the first time tech companies have "taken heat" from institutional investors over their governance practices, some of these companies are "being held to the fire a bit now that certain controversies are coming to the surface," said Kern McPherson, San Francisco-based senior director of North American research at proxy-voting advisory firm Glass Lewis & Co.

Along with Facebook, Mr. McPherson pointed to Equifax Inc. as another company in the spotlight recently for data security lapses. At Equifax's May 3 shareholder meeting — which took place roughly eight months after the credit reporting agency revealed that more than 145 million U.S. consumers' personal data had been hacked — Mr. DiNapoli voted against all incumbent directors for demonstrating what the comptroller's office said was "a poor response" to the data breach.

Ultimately, shareholders voted in favor of all 10 directors up for re-election, with support levels ranging from 64% to 99%; Chairman Mark Feidler received the lowest.

"Honestly, many big companies have been hacked over (the) last few years in a very public way. That has enhanced the scrutiny investors have about companies' oversight of data security," Mr. McPherson said.

In light of these controversies, companies are going to have to approach the coming months "being highly aware of the potential risks out there and being ready to explain to investors how their boards are positioning themselves to manage those risks effectively," Mr. McPherson said.

"The classic quote that you hear when you talk about tech companies is (they) move fast (and) break things. In many cases, they moved quickly and didn't necessarily consider governance very carefully, and now we're starting to see some of the backlash when things do break or don't go as planned," Mr. McPherson added. "That's when you start having to turn to your corporate governance and making sure that you are putting the right framework in place to manage those risks."

Marc Goldstein, Rockville, Md.-based head of U.S. research at proxy-voting advisory firm Institutional Shareholder Services Inc., said he believes there will be increased attention paid to companies' voting structures — like those at Facebook and Alphabet — where the founders maintain control despite owning a minority of shares.

There are "real drawbacks" for shareholders inherent in the lack of shareholder ability to hold management accountable at those companies, Mr. Goldstein said.

He also expects shareholders will be watching how tech companies comply with the European Union's new data protection rules, which put the onus on all companies that hold personal data of EU citizens — regardless of the firm's location — to keep that information safe from privacy and data breaches.

The issues of content management, and gender and ethnic diversity are also not going away, according to Mr. Goldstein.

"The tech industry isn't going to be able to change overnight," Mr. Goldstein said. "I do think they are going to make efforts to improve, on the diversity front in particular, but I don't think it's going to happen so quickly that it's going to go away as an issue for shareholders and activists of various kinds."