The 10 Companies With the Lowest Data Privacy Scores in 2026
GDPR fines now exceed hundreds of millions of euros. Data breaches wipe billions from market capitalisations. Governments on every continent are tightening enforcement. Yet most ESG ratings treat data privacy as an afterthought -- a sub-indicator buried inside a governance bucket, diluted by self-reported disclosures and corporate questionnaires.
The result is a blind spot. Companies facing active regulatory proceedings for mishandling personal data can still carry investment-grade sustainability ratings.
At Mashinii, we scored thousands of public companies on our Safe & Smart Tech dimension using court filings, regulatory penalties, data breach records, investigative journalism, and NGO reports -- 19 specific KPIs covering everything from breach severity to algorithmic transparency. No corporate self-assessments. No ESG questionnaires.
These 10 companies scored lowest. Every number below reflects independently sourced, cited evidence.
The Rankings
| Rank | Company | Ticker | Safe & Smart Tech Score | Overall Average |
|---|---|---|---|---|
| 1 | BYD | 1211.HK | -70 | -16.4 |
| 2 | V.F. Corporation | VFC | -60 | -15.5 |
| 3 | Meta Platforms | META | -50 | -14.5 |
| 4 | Oracle | ORCL | -50 | -13.6 |
| 5 | General Motors | GM | -50 | -19.5 |
| 6 | Adidas | ADS | -40 | -6.4 |
| 7 | Gap Inc. | GPS | -40 | -10.0 |
| 8 | Alphabet/Google | GOOGL | -30 | +2.3 |
| 9 | Amazon | AMZN | -30 | -10.0 |
| 10 | Nike | NKE | -30 | -11.4 |
For context: the S&P 500 average on Safe & Smart Tech in our analysis of 40 major companies is -4.2. Every company on this list scores at least seven times worse.
1. BYD (1211.HK) -- Safe & Smart Tech: -70
BYD scored -70 on data privacy and technology safety. That is among the most negative scores in the entire Mashinii database, on any dimension, for any company.
According to our analysis, BYD has obtained R155 and R156 cybersecurity certifications and employs encryption technology. However, independent reports have flagged BYD vehicles for cybersecurity vulnerabilities, and questions have been raised about data handling practices and potential state-actor access to vehicle data.
Connected vehicles collect location data, driving patterns, and in-cabin information. For a company manufacturing them at this scale, data privacy is not peripheral. It is the product.
Full Score Breakdown
BYD's problems extend beyond data privacy. Its -50 on ethical sourcing reflects documented allegations of forced labour at a factory construction site in Brazil, where investigators described conditions among 163 Chinese workers as slavery-like, according to public reports. For a head-to-head comparison with its closest competitor, see Tesla vs BYD: Which EV Giant Is Actually More Ethical?
2. V.F. Corporation (VFC) -- Safe & Smart Tech: -60
The parent company of Vans, The North Face, Timberland, and Dickies scored -60 on data privacy. This is not a company most investors associate with technology risk.
According to our analysis, V.F. Corporation has faced documented cybersecurity incidents and data breach concerns. The company has expanded aggressively into digital commerce and app-based retail, processing significant customer data volumes across multiple brand platforms. Independent evidence indicates its cybersecurity infrastructure has not matched the pace of that digital expansion.
Full Score Breakdown
Data privacy is V.F. Corporation's worst dimension by a wide margin. For investors holding fashion and apparel stocks, this is a reminder that technology risk now extends well beyond the technology sector. See our broader analysis: Fast Fashion Scored on Worker Rights
View V.F. Corporation's full score ->
3. Meta Platforms (META) -- Safe & Smart Tech: -50
Meta scored -50 on data privacy. Of the three companies sharing this score, Meta's is the most structurally significant. Data collection is not a side effect of its business. It is the business.
According to our analysis, Meta has faced regulatory actions and court proceedings related to data handling across multiple jurisdictions. GDPR fines, privacy litigation, and documented concerns about the scope of data collection across Facebook, Instagram, and WhatsApp all contribute to this score. A company generating the majority of its revenue from targeted advertising has a structural incentive to collect and retain as much user data as possible.
Full Score Breakdown
Meta's -50 on data privacy sits alongside a -40 on governance. Traditional ESG ratings may not capture this concentration of risk because Meta scores well on environmental metrics (+30 on Planet-Friendly Business). Mashinii's 11-dimension approach ensures the privacy score stays visible rather than being blended away. For comparison with other big tech companies, see Google vs Microsoft vs Apple: Who Handles Your Data Best?
4. Oracle (ORCL) -- Safe & Smart Tech: -50
Oracle scored -50 on data privacy. This is notable because Oracle positions itself as an enterprise data infrastructure provider. Companies that handle other companies' data face elevated expectations on security and privacy.
According to our analysis, Oracle's score reflects regulatory findings documented in public proceedings related to data handling practices. For a company whose customers entrust it with sensitive business data, these concerns are material to its core value proposition.
Key Score Highlights
| Dimension | Score |
|---|---|
| Safe & Smart Tech | -50 |
| Fair Pay & Worker Respect | -40 |
| Average | -13.6 |
Oracle's combined -50 on data privacy and -40 on worker respect -- the latter based on employment-related legal proceedings identified in court records -- represents a risk profile that diverges significantly from the company's traditional ESG ratings. See our full exploration: 10 Companies With the Biggest ESG Rating Gap
5. General Motors (GM) -- Safe & Smart Tech: -50
General Motors scored -50 on data privacy, driven by data handling concerns and vehicle technology issues identified in independent assessments.
According to our analysis, GM's score reflects documented concerns about data practices across its connected vehicle platforms. Modern vehicles collect extensive data on driving behaviour, location, speed, and diagnostics. GM's management of this data, as assessed through independent evidence, raises questions about privacy protections and cybersecurity standards.
Key Score Highlights
| Dimension | Score |
|---|---|
| Zero Waste & Sustainable Products | +30 |
| Safe & Smart Tech | -50 |
| No War, No Weapons | -60 |
| Average | -19.5 |
Data privacy is not even GM's worst dimension. Its -60 on the weapons dimension, reflecting documented military vehicle contracts and defence partnerships, pushes the overall average to -19.5 -- one of the lowest among major S&P 500 companies in our broader analysis.
View General Motors' full score ->
6. Adidas (ADS) -- Safe & Smart Tech: -40
A sportswear company on a data privacy list. That alone should tell investors something about how risk categories are shifting.
According to our analysis, Adidas experienced a data breach in 2018 that affected millions of customers. A second breach in 2022 in Morocco, according to reports, impacted over 62,000 clients and exposed personal information. Multiple incidents with exposed personal data push Adidas into significantly negative territory on this dimension.
Key Score Highlights
| Dimension | Score |
|---|---|
| Zero Waste & Sustainable Products | +40 |
| Better Health for All | +20 |
| No War, No Weapons | +10 |
| Safe & Smart Tech | -40 |
| Kind to Animals | -30 |
| Fair Pay & Worker Respect | -30 |
| Average | -6.4 |
A company handling customer data through apps, e-commerce, and membership programmes faces the same breach and cybersecurity risks as a technology company -- but may not invest at the same level in defences. For a comparison with its closest competitor, see Nike vs Adidas: Which Has Cleaner Supply Chains?
7. Gap Inc. (GPS) -- Safe & Smart Tech: -40
Gap Inc. scored -40 on data privacy, matching Adidas. Another retailer. Another company that built a digital empire faster than it built defences for the data inside it.
According to our analysis, Gap's score reflects concerns identified in independent assessments about customer data handling across its digital platforms. Gap operates Old Navy, Banana Republic, and Athleta, each with its own storefront, app, and loyalty programme. Customer data is collected and processed across all of them.
Key Score Highlights
| Dimension | Score |
|---|---|
| Better Health for All | +10 |
| Safe & Smart Tech | -40 |
| Fair Pay & Worker Respect | -30 |
| Average | -10.0 |
No single dimension in Gap's scorecard rises above +10 in our analysis. The absence of strong positives anywhere means there is nothing to offset the data privacy risk for investors screening on technology safety.
8. Alphabet/Google (GOOGL) -- Safe & Smart Tech: -30
Google is the only company on this list with a positive overall average. That makes it the most instructive case here.
According to our analysis, Google has faced multiple significant regulatory actions related to data handling. GDPR fines, antitrust investigations citing data market power, and documented concerns about location tracking and cross-service data integration all contribute to this score. The scope of Google's data collection across Search, Gmail, Android, Chrome, Maps, and YouTube is without parallel among publicly traded companies.
A score of -30 does not mean Google lacks security infrastructure. It means independently sourced evidence identifies more concerns than positive signals on privacy and data ethics.
Key Score Highlights
Google's environmental scores are genuine strengths verified in independent data. But they coexist with a -30 on data privacy and -40 on governance. An investor screening only on environmental metrics would view Google favourably. An investor screening on data privacy would not. This is why Mashinii scores across 11 independent dimensions rather than producing a single blended number. See Google vs Microsoft vs Apple: Who Handles Your Data Best?
9. Amazon (AMZN) -- Safe & Smart Tech: -30
Amazon's data privacy risk is unusual because it spans two categories that rarely overlap: employee surveillance and consumer device data.
According to our analysis, Amazon received a 32 million euro fine in France for violating GDPR through invasive tracking of employee productivity. Separate concerns about data practices related to Alexa voice assistants and Ring security cameras, along with questions about algorithmic transparency, reinforced the score.
Worker surveillance on one side. Always-on microphones and cameras in homes on the other. That dual exposure creates a broader surface area for privacy concerns than most companies face.
Key Score Highlights
Amazon carries -30 scores across four separate dimensions. Compare this to Walmart, which scored +10 on Safe & Smart Tech after introducing a Responsible AI Pledge and demonstrating a more measured approach to technology deployment. Same industry, 40 points apart. See Amazon vs Walmart: A Data-Driven Ethics Comparison
10. Nike (NKE) -- Safe & Smart Tech: -30
Nike rounds out this list at -30. Another sportswear brand. Another company whose digital strategy outpaced its data protections.
According to our analysis, Nike has implemented cybersecurity measures including risk management, third-party assessments, and employee training. However, its app practices have raised data privacy concerns due to the collection and sharing of sensitive customer data. For a company whose strategy increasingly revolves around direct-to-consumer apps and membership programmes, this is a growing material risk.
Key Score Highlights
| Dimension | Score |
|---|---|
| Respect for Cultures & Communities | +25 |
| Better Health for All | +20 |
| Kind to Animals | -20 |
| Planet-Friendly Business | -30 |
| Honest & Fair Business | -30 |
| Safe & Smart Tech | -30 |
| Fair Pay & Worker Respect | -30 |
| Fair Trade & Ethical Sourcing | -30 |
| Average | -11.4 |
Nike carries -30 scores across five dimensions. Its presence here, alongside Adidas and Gap, confirms that data privacy risk is now a cross-sector issue. See Nike vs Adidas: Which Has Cleaner Supply Chains?
Three Patterns Worth Noting
Data privacy risk is no longer a tech-sector problem. Only three of these ten companies are primarily technology companies. The rest span automakers, fashion, retail, and consumer goods. Any company collecting personal data at scale now carries this risk.
Low data privacy scores travel with other negatives. Nine of ten companies here carry negative overall averages. Google, the lone exception at +2.3, is barely positive. Companies that handle data poorly tend to show weaknesses elsewhere.
Traditional ESG ratings underweight this. Meta, Oracle, Google, and Amazon all receive investment-grade ESG ratings from major agencies. Those ratings may emphasise environmental disclosure and governance structures over independently documented data handling failures. Mashinii treats data privacy as a standalone dimension with dedicated KPIs, ensuring it is visible rather than diluted into a composite score.
Companies That Get Data Privacy Right
Not every company scores negatively. For comparison, from our analysis of S&P 500 and other major companies:
| Company | Ticker | Safe & Smart Tech | Overall Avg |
|---|---|---|---|
| Visa | V | +40 | +15.9 |
| Adobe | ADBE | +40 | +12.3 |
| Cisco | CSCO | +30 | +16.4 |
| Salesforce | CRM | +30 | +11.8 |
| Intel | INTC | +30 | +10.5 |
| Apple | AAPL | +20 | +9.5 |
| Microsoft | MSFT | +10 | +5.5 |
Visa scores +40. BYD scores -70. A 110-point spread on a single dimension, both independently verifiable through our methodology.
How These Scores Are Built
Every score in this analysis comes from independently verifiable sources: court filings, regulatory actions, investigative journalism, and NGO reports. Companies cannot influence their scores through self-reporting or sustainability questionnaires. Scores range from -100 to +100 across 11 independent dimensions, and a score of 0 means insufficient independent evidence in either direction.
Is Your Portfolio Exposed?
If you hold any of these companies -- directly or through index funds -- their data privacy scores are part of your portfolio's risk profile. Meta, Google, and Amazon alone represent significant weight in the S&P 500, Nasdaq 100, and most global equity ETFs.
See how every company in your portfolio scores on data privacy and all 10 other dimensions. Takes under 60 seconds.