*The Federal Competition and Consumer Protection Commission says the Nigerian Government fines Meta $220 million for ‘multiple and repeated’ violations of the Nigeria Data Protection Regulation 2019, and consumer rights laws on Facebook and WhatsApp social media platforms

Gbenga Kayode | 绿帽献妻

The Nigerian Government has announced a fine of $220 million on global technology giant Meta over alleged 鈥渕ultiple and repeated鈥� violations of the West African country’s data protection and consumer rights laws on Facebook and WhatsApp, the company’s social media platforms.

The country’s Federal Competition and Consumer Protection Commission (FCCPC), which disclosed this development in a statement issued Friday, July 19, 2024, highlighted five distinct ways that Meta violated data laws in Nigeria.

According to the Commission, this is Pursuant to Sections 17, 18, 32, 70, 71, 72, 108, 112, 119, 124, 127, and 155 of the FCCPA 2018; and Regulations 1.2, 1.3, 2.1, 2.11, 2.2, 2.3, 2.5, and 3.1 of the NDPR 2019.

Dr. Abdullahi Adamu, Acting Executive Vice-Chairman and Chief Executive Officer (EVC/CEO) of FCCPC, in the statement noted such infractions include illegal sharing of Nigerians’ data, denying consumers the right to self-determine the use of their data, discriminatory practices as well as abuse of market dominance in the country’s digital space.

Dr. Adamu stated that the Commission, May 2021, and based on available evidence and sufficient probable cause issued an Order and Notice to Show Cause (ONSC) to WhatsApp LLC and Meta Platforms, Inc. (formerly called Facebook Inc.) jointly referred to as 鈥楳eta Parties鈥� in respect to this investigation.

He noted that the subject of the ONSC was to relay the Commission鈥檚 investigative report in respect of its findings that the Meta Parties by their conduct have violated the above stated provisions of the FCCPA and NDPR (which was in force prior to the enactment and operationalisation of the NDPA (Nigeria Data Protection Act), 2023) and for the Meta Parties to show reasonable cause why the Commission should not proceed to enter its orders as final and enforceable pursuant to the FCCPA, particularly sections 17, 18, 155, and 159.

Investigation and findings as basis for regulatory action

The FCCPC asserted the totality of its investigation had concluded that Meta Parties over a protracted period of time have engaged in conduct that constitute multiple and repeated, as well as continuing infringements of the FCCPA and NDPR, particularly.

The Commission explained this is not limited to abusive, and invasive practices against data subjects/consumers in Nigeria, such as appropriating personal data or information without consent, discriminatory practices against Nigerian data subjects/consumers, or disparate treatment of consumers/data subjects compared with other jurisdictions with similar regulatory frameworks.

Other are abuse of dominant market position by forcing unscrupulous, exploitative, and non-compliant privacy policies which appropriated consumer personal information without the option or opportunity to self-determine or otherwise withhold or provide consent to the gathering, use, and/or sharing of such personal data, noted the statement.

The FCCPC, however, said in the statement, that “being satisfied with the significant evidence on the record, and that Meta Parties have been provided every opportunity to articulate any position … the Commission has now entered a Final Order, and issued a penalty against Meta Parties.鈥�

It also stated: “The final order also imposes a monetary penalty of Two Hundred and Twenty Million U.S. Dollars only ($220,000,000.00) (at prevailing exchange rate where applicable) which penalty is in accordance with the FCCPA 2018, and the Federal Competition and Consumer Protection (Administrative Penalties) Regulations 2020 (APR).”

Nigeria, which is Africa鈥檚 most populous country, also has one of the world’s highest number of Internet users with 154 million active subscribers in 2022, according to the country鈥檚 statistics agency.

Despite the high number of Internet users in the country, Meta has failed to comply with the Nigeria Data Protection Regulation (NDPA), 2019.

The Big Tech has failed to engage a Data Protection Compliance Organisation, and hasn’t filed the Nigeria Data Protection Regulation audit report for two years, according to the Commission.

What Meta should do for recompense

The FCCPC stated that besides the $220 million fine, the Commission’s order also mandated Meta to comply with local laws and cease the 鈥渆xploitation鈥� of Nigerian consumers henceforth.

The Acting EVC/CEO further noted that investigation into the company’s reported abuses first commenced May 2021 when the market regulatory Commission opened an inquiry into WhatsApp鈥檚 updated privacy policy in the digital ecosystem.

The FCCPC later informed Meta of its findings, after which the company proposed a 鈥渞emedy package鈥�, but later failed to address initial concerns brought to its attention, stated Adamu.

The Commissions, therefore, restated its commitment to protecting the privacy of Nigerian consumers under the Constitution and all data protection laws and regulations, as well as to ensure that consumer rights are respected, and the markets operate in a fair and transparent manner in the country’s digital space.

The statement added: “The Commission appreciates the collaboration by the NDPC, this collaboration and joint investigation demonstrates the mutual desire to ensure compliance with the law, and that malfeasance lead to appropriate accountability.”

Kindly Share This Story