Privacy Committee Charter

Effective as of May 12, 2020

I. PURPOSE

The Privacy Committee (the “Committee”) of the Board of Directors (the “Board”) of Facebook, Inc. (the “Company”), through delegation from the Board, has principal responsibility to assist the Board with respect to privacy and data use matters, including overseeing:

  • compliance with the comprehensive privacy program (the “Privacy Program”) adopted by the Company in compliance with the Federal Trade Commission’s order in FTC Docket No. C-4365 published on April 28, 2020 (the “FTC Order”);
  • management’s periodic assessment of the Privacy Program and any related policies with respect to risk assessment and risk management;
  • the selection and performance of one or more qualified employees to coordinate and be responsible for the Privacy Program (each, a “Designated Compliance Officer”)
  • the selection of an independent, third-party assessor to be selected by the Company to review the Company’s privacy practices (the “Assessor”); and
  • the Assessor’s biennial assessments of the Privacy Program (each, an “Assessment”)

This Charter sets forth the authority and responsibilities of the Committee in fulfilling the purposes described herein. In fulfilling their responsibilities, it is recognized that members of the Committee are not full-time employees of the Company. The functions of the Committee are not intended to duplicate or substitute for the activities of management, any Designated Compliance Officer or the Assessor in connection with the Privacy Program and the Company’s privacy practices. Unless approval by the Committee is specifically required pursuant to this Charter, the FTC Order or other applicable law, the responsibility for overseeing the Company’s data and information privacy matters resides with the Company’s management.

In furtherance of the responsibilities of the Committee described in this Charter, each member of the Committee shall be entitled to rely on (1) the integrity of those persons and organizations within and outside of the Company from which it receives information and (2) the accuracy of the information provided to the Committee by such persons or organizations absent actual knowledge to the contrary.

Although this Charter should be interpreted in the context of the FTC Order and the Company’s Certificate of Incorporation and Bylaws, it is not intended to establish by its own force any legally binding obligations.

II. MEMBERSHIP

The Committee will consist of three or more members of the Board, with the exact number determined from time to time by the Board in accordance with the prior recommendation of the Compensation, Nominating & Governance Committee. No decrease in the number of members constituting the Committee shall shorten the term of any incumbent member of the Committee, unless such member has otherwise been removed from the Committee in accordance with this Charter. Each member of the Committee must:

  • be an “independent director” as defined under the applicable rules, regulations and listing requirements of the stock exchange upon which the Company’s securities are listed for trading (the “Exchange Rules”);
  • be free from any relationship that, in the opinion of the Compensation, Nominating & Governance Committee, would interfere with the exercise of independent judgment by such member in carrying out his or her responsibilities as a Committee member;
  • not be an executive officer or employee of the Company; and
  • in the opinion of the Compensation, Nominating & Governance Committee, possess (1) the ability to understand corporate compliance and accountability programs and to read and understand data protection and privacy policies and procedures and (2) such other relevant privacy and compliance experience reasonably necessary to exercise his or her duties as a member of the Committee (the “Privacy and Compliance Baseline Requirements”)

All members of the Committee will be appointed by, and will serve at the discretion of, the Board; provided, however, that the Compensation, Nominating & Governance Committee shall have the sole authority to recommend the appointment of members to, or the removal of members from, the Committee, such that the Board may not approve any such appointment or removal in the absence of a recommendation to do so from the Compensation, Nominating & Governance Committee. The members shall each serve until their respective terms as members of the Board shall expire, subject to their earlier death, resignation or, to the extent removal is recommended by the Compensation, Nominating & Governance Committee, removal by the Board. The Board may appoint a member of the Committee to serve as the chairperson of the Committee (the “Chair”); if the Board does not appoint a Chair, the Committee members may designate a Chair by majority vote. The Chair will set the agenda for Committee meetings and conduct the proceedings of those meetings.

III. RESPONSIBILITIES AND DUTIES

The principal responsibilities and duties of the Committee in serving the purposes outlined in Section I of this Charter are set forth below. These duties are set forth as a guide, with the understanding that the Committee will carry them out in a manner that is appropriate given the Company’s needs and circumstances. The Committee may supplement them as appropriate and may establish policies and procedures from time to time that it deems necessary or advisable in fulfilling its responsibilities.

The Committee will:

  1. Receive, no less than annually, the written Privacy Program, and any evaluations thereof or adjustments thereto.
  2. Receive, on at least an annual basis, a review from management of the Privacy Program and any material risks to the privacy, confidentiality, and Integrity (as defined in the FTC Order) of the Covered Information (as defined in the FTC Order) and the steps the Company has taken or plans to take to monitor or mitigate such risks, including procedures and any related policies with respect to risk assessment and risk management.
  3. Approve or reject management’s selection of the proposed Designated Compliance Officer(s), and make determinations as may be necessary or appropriate regarding the removal of any Designated Compliance Officer, who may be removed only by an affirmative vote of a majority of the Committee.
  4. Approve or reject management’s selection of the Assessor, and make determinations as may be necessary or appropriate regarding the removal of the Assessor, who may be removed only by an affirmative vote of a majority of the Committee.
  5. Assess the Assessor’s independence periodically, including reviewing all material relationships between the Assessor and the Company and receiving from the Assessor a written disclosure of all such relationships.
  6. Review with management, at least annually, the Company’s compliance with the General Data Protection Regulation and other applicable privacy and data use laws.
  7. During each regular quarterly meeting:
    1. receive a briefing from management regarding (i) the state of the Privacy Program, (ii) the Company’s compliance with the FTC Order, and (iii) material risks to privacy, confidentiality, and Integrity of the Covered Information that have been discovered since the most recent meeting of the Committee or that were raised by management in a prior meeting with the Committee and continue to persist.
    2. meet with management and the Assessor to receive the Assessor’s review of (a) the ongoing assessment of the Privacy Program by the Assessor and (b) any material risks to the privacy, confidentiality and Integrity of the Covered Information that have been identified by the Assessor since the Assessor’s most recent meeting with the Committee or that the Assessor raised in a prior meeting with the Committee and which continue to persist; and
    3. meet with the Assessor in executive session, together with any other independent directors in attendance and without management present, to discuss matters involving the Assessment or other privacy-related issues or risks, as appropriate.
  8. Following the conclusion of each biennial Assessment, review with the Assessor:
    1. the Assessment;
    2. any material issues raised by the most recent Assessment or material unresolved issues from prior Assessments; and
    3. in executive session, without management present, any problems or difficulties with management.
  9. Following the review of the biennial Assessment (at either the same meeting or the following meeting), meet with management to review management’s proposed remediation plans to address any issues raised in the Assessment.

IV. STUDIES AND ADVISERS

The Committee may conduct or authorize studies of, or investigations into, any matter that is within the Committee’s scope of responsibility, with full access to all books, records, facilities and personnel of the Company. The Committee has the authority and right, at the expense of the Company and in the Committee’s sole discretion, to retain or obtain the advice of (or to terminate the engagement of) legal counsel, privacy and other consultants, experts and advisers of its choice to assist the Committee in connection with its functions, including any studies or investigations, but only after taking into consideration those factors that may be required by applicable law or listing standards or that the Committee otherwise considers appropriate. The Committee will be directly responsible and will have sole authority for the appointment, compensation (including fees and other retention terms) and oversight of the work of any such advisers. The Company must provide for appropriate funding, as determined by the Committee, for:

  • payment of reasonable compensation to any legal counsel, consultants, experts or advisers retained by the Committee; and
  • ordinary administrative expenses of the Committee that are necessary and appropriate in carrying out its functions.

V. MEETINGS, ACTIONS WITHOUT A MEETING AND STAFF

The Committee will meet at least once per quarter, as determined appropriate by the Committee. The Chair, in consultation with the other members of the Committee, will set the dates, times and places of such meetings. The Committee will report to the Board from time to time with respect to the activities of the Committee. A quorum of the Committee for the transaction of business will be a majority of its members. Meetings may be held via tele- or video-conference. The Committee may also act by unanimous written consent in lieu of a meeting in accordance with the Company’s Bylaws. Subject to the requirements of the FTC Order, this Charter, applicable law, and the Exchange Rules, the Committee and the Chair may invite any director, executive or employee of the Company, or such other person as it deems appropriate in order to carry out its responsibilities, to attend and participate (in a non-voting capacity) in all or a portion of any Committee meeting. The Committee may exclude from all or a portion of its meetings any person it deems appropriate in order to carry out its responsibilities. The Chair will designate a secretary for each meeting, who need not be a member of the Committee. The secretary of the Company shall provide the Committee such staff support as it may require.

VI. MINUTES AND REPORTS

The Committee will maintain written minutes of its meetings and copies of its actions by written consent, and will cause such minutes and copies of written consents to be filed with the minutes of the meetings of the Board. The Chair will periodically report to the Board on the Committee’s deliberations and actions. The minutes of the Committee and actions by the unanimous written consent of the Committee members will be made available to the other members of the Board unless the Committee in good faith deems it necessary to not make such materials available in order to carry out its responsibilities, subject to applicable law.

VII. COMPENSATION

Members of the Committee will receive such fees, if any, for their service as Committee members as may be determined from time to time by the Board, in accordance with the recommendation of the Compensation, Nominating & Governance Committee, which may include additional compensation for the Chair. Such fees may include retainers or per meeting fees and will be paid in such form of consideration as is determined by the Board in accordance with applicable law and the Exchange Rules and the recommendation of the Compensation, Nominating & Governance Committee.

VIII. DELEGATION OF AUTHORITY

Subject to the requirements of the FTC Order, the Committee may form and delegate authority to subcommittees comprised of other members of the Board qualified to perform such responsibilities in accordance with the rules and regulations of the Securities and Exchange Commission and any other requirements of applicable law if the Committee feels this is appropriate.

IX. REVIEW OF COMMITTEE COMPOSITION, PERFORMANCE AND CHARTER

The Committee will evaluate the Committee’s composition and performance in connection with the annual evaluation of the Board. The Committee will also review and reassess the adequacy of this Charter at least annually, and recommend to the Board and the Compensation, Nominating & Governance Committee any changes the Committee determines are appropriate.

Download

Document View / Download

Members

Committee Members

Peggy Alford
Nancy Killefer
Robert Kimmitt

Chair
Member