Data Privacy Proxy Voting Guidelines 2025

Data Privacy Proxy Voting Guidelines 2025

Data privacy is a critical issue in the digital age, focusing on individuals' rights to control their personal information. The Proxy Voting Guidelines for External Managers, approved on April 3, 2025, provide a framework for addressing shareholder resolutions related to data privacy. These guidelines emphasize the importance of transparency and accountability in how companies handle personal data, including sensitive information such as health and financial data. Investors are encouraged to consider the evolving regulatory landscape and the implications of data collection practices on civil rights. This document is essential for stakeholders interested in corporate governance and responsible data management.

Key Points

  • Outlines shareholder resolutions focused on data privacy practices.
  • Emphasizes the importance of transparency in data collection and usage.
  • Addresses concerns about civil rights violations related to data privacy.
  • Recommends independent assessments of data privacy risks for companies.
  • newtopiccyclegrowin
183
/ 2
PRESIDENT AND FELLOWS OF HARVARD COLLEGE
CORPORATION COMMITTEE ON SHAREHOLDER RESPONSIBILITY
OFFICE OF THE GOVERNING BOARDS
(617)
495-1534
L
OEB HOUSE, 17 QUINCY STREET
C
AMBRIDGE, MA 02138
Proxy Voting Guidelines for External Managers
Topic: Technology & Media OR Human Rights
Subtopic: Data Privacy
Approved: April 3, 2025
Description:
Resolutions on this topic may ask companies to disclose their data privacy policies, conduct
audits or assessments of certain data privacy risks, or implement data privacy principles or
standards.
Topic background:
Data privacy is the right of individuals to control how their personal information is collected,
used, shared, and stored by various entities, such as corporations and governments. It concerns
not only the protection of sensitive information, such as financial, health, or biometric data, but
also the respect for individuals' preferences, choices, and values regarding their data.
Data privacy has become an increasingly important issue in the digital age as more data are
generated and processed by online platforms, mobile applications, devices, and services. Data
privacy for children and teens raises distinctive concerns. Companies must balance their
legitimate business interests with the rights and expectations of their stakeholders such as
customers and employees. Some proponents of shareholder resolutions on this topic are
concerned that a company’s data collection efforts violate individuals’ civil rights by unfairly
and disproportionately targeting and surveilling people of color, immigrants, or civil society
organizations.
Shareholder resolutions aim to address companies' practices regarding the collection, use,
disclosure, and protection of personal data. These resolutions may request companies disclose
their data privacy policies, conduct audits or assessments of their data privacy risks, implement
data privacy principles or standards, adopt data minimization or deletion practices, enhance data
security measures, or report on the impacts of data privacy issues on their business operations
and stakeholder relations. Data privacy resolutions reflect the growing awareness and demand of
investors, consumers, regulators, and civil society for more transparency and accountability from
companies that handle large amounts of personal data. Some shareholder resolutions address
how a company plans to protect, or what risks it faces, in collecting personal health data or other
types of data that could be used to enforce new restrictive abortion laws such as geolocation,
browser search history, or purchases.
Considerations for voting:
Page 1 of 2
Page 2 of 2
Given the evolving regulatory landscape for data privacy, investors may want to consider
whether a proposal is redundant or whether existing or expected laws address the
proponent's concerns.
It is important to understand the type of data being collected and stored on individuals by
a company. For example, health and medical data are subject to higher standards of
privacy than consumer purchase history data. If information is claimed to be anonymized,
it is important to understand the anonymization standards being followed.
We generally recommend caution regarding shareholder proposals that prescribe specific
procedures for personal information. Such proposals might be seen as intruding upon
management’s prerogative to conduct the company’s business.
Depending on a company’s revenue stream, we believe reporting on privacy policies may
usefully contribute to risk assessment in areas central to a company’s business.
Illustrative examples of votes:
1. Vote in support of shareholder resolutions that request the company disclose its data
privacy policies.
2. Vote in support of shareholder resolutions that request the company commission an
independent study at a reasonable cost and report to shareholders regarding:
The extent to which such technology may endanger, threaten, or violate privacy
and/ or civil rights.
The extent to which such technology may disproportionately targets people of
color, immigrants, activists, and children and teens.
The extent to which such technologies and/or data are marketed and sold to
governments.
3. Vote in support of shareholder resolutions that the Board issue a public report assessing
consumer privacy protections and controls over sensitive personal data, particularly
health data.
4. Vote against shareholder resolutions that are overly prescriptive in directing a company’s
approach to managing data privacy.
Harvard offers broader general guidance on its recommended approach to considering shareholder
resolutions in “Overview of Harvard University’s Proxy Voting Guidelines for External Managers
(follow link to download full text). When determining votes on resolutions, we consider each resolution
in light of this general guidance as well as in light of a resolution’s specific request and contextual
information about the relevant company and its approach to the issue. Any reporting should be issued at
reasonable cost and omit proprietary information.
/ 2
End of Document
183
You May Also Like

FAQs of Data Privacy Proxy Voting Guidelines 2025

What are the main themes of the Proxy Voting Guidelines for Data Privacy?
The Proxy Voting Guidelines for Data Privacy focus on transparency, accountability, and the protection of personal information. They highlight the rights of individuals to control their data and the responsibilities of companies to disclose their data privacy policies. Additionally, the guidelines address the potential civil rights implications of data collection practices, particularly for marginalized communities. The document serves as a framework for investors to evaluate corporate practices regarding data privacy.
How do the guidelines suggest companies should handle data privacy?
The guidelines recommend that companies disclose their data privacy policies and conduct regular audits to assess data privacy risks. They advocate for the implementation of data privacy principles and standards to protect sensitive information. Companies are encouraged to adopt data minimization practices and enhance data security measures to safeguard personal data. Furthermore, the guidelines suggest that companies report on the impacts of data privacy issues on their operations and stakeholder relations.
What considerations should investors keep in mind regarding data privacy?
Investors should consider the evolving regulatory landscape surrounding data privacy and whether existing laws address the concerns raised in shareholder proposals. Understanding the type of data being collected is crucial, as different categories of data, such as health information, require stricter privacy standards. Investors are also advised to be cautious of overly prescriptive proposals that may interfere with management's ability to conduct business effectively.
What types of resolutions are supported by the guidelines?
The guidelines support shareholder resolutions that request companies to disclose their data privacy policies and commission independent studies on the implications of their data practices. They encourage voting in favor of resolutions that assess consumer privacy protections, particularly regarding sensitive personal data like health information. However, they advise against supporting resolutions that are overly prescriptive in directing how companies should manage data privacy.

Related of Data Privacy Proxy Voting Guidelines 2025