Meta abruptly settled a USD$8 billion shareholder lawsuit this Thursday with a last-minute agreement for an undisclosed amount, avoiding a trial that would have subjected its top leadership to rare public scrutiny.

The case, filed in 2018 but only cleared for trial the previous week, stemmed from revelations that the now-defunct political consultancy Cambridge Analytica had accessed data from millions of Facebook users. The firm had worked on Donald Trump’s 2016 presidential campaign.

The trial, which would have been decided by Delaware Chancery Court Chief Judge Kathaleen McCormick, would have featured testimony from CEO Mark Zuckerberg, former Chief Operating Officer (COO) Sheryl Sandberg, venture capitalist Marc Andreessen, and former board members Peter Thiel and Netflix co-founder Reed Hastings, who were being held personally liable for failing to prevent the breach. They claimed that the executives had allowed repeated violations of a 2012 consent order with the U.S. Federal Trade Commission (FTC), which prohibited the unauthorised harvesting of user data.

Zuckerberg had previously dismissed the allegations as “extreme,” and maintained that Cambridge Analytica had deceived Facebook.

The lawsuit was brought under Delaware’s Caremark doctrine, one of the most difficult legal standards for shareholders to meet. However, Delaware courts have increasingly allowed such claims to advance. In 2021, for instance, Boeing’s board settled a similar derivative lawsuit that flowed from two fatal crashes involving Boeing 737 Max aircraft. In denying the motion to dismiss, the court held that aircraft safety was a “mission-critical” board oversight responsibility and that the Boeing board failed to satisfy the Caremark standards. Ultimately, the litigation settled for USD$237.5 million, one of the largest derivative settlements in history.

Unpacking Delaware State’s Caremark doctrine

Delaware is the corporate home of the majority of U.S. public companies, including major technology firms such as Meta and Tesla. More than 60% of Fortune 500 companies are incorporated in Delaware, making its legal system, particularly the Court of Chancery, the most influential authority on corporate governance and fiduciary duties in the United States.

One of Delaware’s most notable contributions to corporate law is the Caremark doctrine, which establishes the oversight responsibilities of directors. The term “Caremark duties” has become shorthand for a board member’s affirmative obligation to establish effective internal monitoring systems and to oversee their ongoing performance.

The doctrine originates from the 1996 case In re Caremark International Inc. Derivative Litigation, which laid out the standard for director liability in oversight failures. Under the Caremark framework, a director may be held liable if:

1. The board utterly failed to implement any reporting or information systems to monitor key corporate risks.
2. Even where such systems were in place, the board failed to monitor or respond to red flags appropriately.

Over time, the Caremark doctrine has evolved, reflecting a growing readiness on the part of Delaware courts to hold directors accountable not just for their actions, but also for their failures to act. This includes liability for nonfeasance, or the failure to act where oversight was required.

Business and Human Rights: Reputation-Risk Matrix

While Kenya does not have a “Caremark doctrine” by name, similar obligations exist under the Companies Act, 2015, which imposes a duty of care and fiduciary responsibility on directors that form the basis for derivative actions.

Although Kenyan jurisprudence on such claims remains rooted in traditional corporate governance matters, Meta’s recent settlement of the Delaware case over data privacy breaches highlights a growing trend in shareholder activism where directors are increasingly being held accountable for human rights violations.

The UN Guiding Principles on Business and Human Rights (UNGPs), endorsed by the United Nations Human Rights Council in 2011, are the prevailing global standard on business and human rights. They require businesses to respect human rights wherever they operate, regardless of the regulatory environment or a state’s capacity to enforce human rights obligations.

The UNGPs are built on a three-pillar framework. First is the state duty to protect, which obligates governments to prevent, investigate, and address human rights abuses committed by third parties, including business enterprises. Second is the corporate responsibility to respect, which requires businesses to avoid infringing on human rights and to take action to address any adverse impacts with which they are involved. The third pillar is access to remedy, which affirms that individuals affected by human rights abuses must be able to seek and obtain effective remedies through both judicial and non-judicial mechanisms.

The State of Delaware is increasingly setting legal precedents and expanding the boundaries of shareholder litigation. While many of the most prominent cases, such as the recent Meta lawsuit, have been resolved through high-value settlements, they represent a growing trend toward heightened corporate accountability, particularly with regard to director oversight responsibilities and human rights concerns.

Human Rights Assessment as a Corporate Risk Management Tool

This evolving legal environment has significant implications for businesses operating in emerging markets, including those in East African countries. It underscores the need to integrate human rights standards not merely as regulatory compliance measures, but as integral components of strategic risk management and corporate governance.

To align with this shift, companies must institutionalise human rights due diligence (HRDD) processes across all aspects of their operations. This involves identifying potential human rights risks, integrating those findings into business decision-making, monitoring the outcomes of mitigation efforts and communicating transparently about how such risks are being addressed.

Global firms, such as Apple, have already adopted robust HRDD frameworks. They conduct annual assessments focused on key human rights risks and engage proactively with civil society organisations, labour unions, and international bodies, such as the United Nations. This level of operational transparency strengthens their resilience against shareholder activism, reputational damage and external advocacy campaigns.