Increasing doubt about the role of shareholders in fossil fuel annual general meetings: A sign of a potential 'dark age'?
In recent years, attending Annual General Meetings (AGMs) of major London-listed fossil fuel companies like BP and Shell has become a more complex and contentious affair. The 2025 AGMs of both companies have raised concerns about increased surveillance, restricted access, and limited shareholder participation.
At BP's 2025 AGM, a surprising turn of events saw Mythical Sharpie markers being confiscated as contraband, whilst colleagues of the author were denied entry, despite being verified shareholders with appropriate documentation. Security personnel at the event used facial recognition technology from the 2024 Shell AGM to identify and deny entry to attendees.
Similarly, at Shell's 2025 AGM, a colleague was refused entry for carrying a single-page leaflet, deemed as contraband material. The venue for the BP AGM was claimed to be at capacity, with shareholders being denied entry to the main auditorium and directed to an overflow area with poor communication and echoey audio, leaving them excluded from meaningful participation.
Questions have been raised about who holds the biometric and behavioural data collected at AGMs, for how long it is retained, under what legal basis it is shared between clients, and whether it is sold or shared with third parties, including foreign governments or border agencies. However, there is no direct, specific information in the available search results regarding the current status or legal basis of biometric and behavioural data collection, retention, and sharing by corporate security providers at these companies' AGMs.
Under the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018, such data are considered personal and often classified as "special category data," which triggers heightened requirements for lawful processing, including explicit consent, a statutory basis, or substantial public interest grounds. Companies and their service providers must also comply with principles of transparency, purpose limitation, data minimization, and storage limitation.
Corporate security providers at major events like AGMs may implement measures such as CCTV, access controls, or possibly biometric identification (e.g., fingerprint or facial recognition), but the extent and legal justification for these practices must be disclosed to attendees. Privacy policies and notices would typically outline data practices, but without access to these documents from Shell, BP, or their security partners, it is not possible to confirm details.
The 2025 BP AGM also saw a move unprecedented in the author's experience, with a one-hour cap for questions, and spontaneous questions being disallowed. Moreover, more questions at the AGM were dedicated to pension complaints than climate strategy and governance.
In response to the author's questions about climate risk and the chair succession process, Dame Amanda Blanc, a climate-aware director, read a bland, pre-prepared statement that never once mentioned climate change.
Shell's 2025 AGM will be held at Heathrow Airport, where non-violent protest has been criminalized, and the company's 2025 AGM Notice of Meeting states that personal data of attendees will be processed, recorded, and photographed for safety and security purposes, and may be disclosed to law enforcement, government authorities, courts, and relevant third parties.
The increasing surveillance at AGMs is evident, as seen at the 2024 Shell AGM where the author was assigned a personal security guard who followed them to the toilet. At BP's 2025 AGM, the author was subjected to a personal search, including a body check and examination of their belongings, after being pulled aside.
In conclusion, while the specifics of biometric and behavioural data collection, retention, and sharing at Shell and BP AGMs remain undocumented, it is crucial for these companies to provide transparency and adhere to the legal requirements set by GDPR and the UK Data Protection Act 2018. For definitive answers, direct review of their privacy notices, legal disclosures, or public statements is required.
- The increased surveillance at AGMs, as evidenced by the use of facial recognition technology at the 2024 Shell AGM and the personal searches at BP's 2025 AGM, raises questions about the finance and technology industries' role in protecting privacy, given the GDPR and UK Data Protection Act 2018's requirements for personal data processing.
- In the digital age, the energy and business sectors must address concerns about data collection, retention, and sharing during AGMs, as the financial implications, including potential fines for non-compliance, could impact investor confidence and trust in these industries.
