After an extensive 38-month investigation, Nigeria’s Federal Competition and Consumer Protection Commission (FCCPC) and the Nigerian Data Protection Commission have imposed a $220 million fine on Meta. This penalty arises from violations of local consumer, data protection, and privacy laws related to its platforms, Facebook and WhatsApp.
The fine comes on the heels of Nigeria’s recent overhaul and tightening of its data protection legislation. Initially governed by the Data Protection Regulations of 2019, which addressed lawful data processing, data subject rights, and the responsibilities of data controllers and processors, the regulations were deemed overly restrictive. In response, Nigeria enacted the Data Protection Act in 2023. This Act strengthens and builds upon the previous regulations by introducing enhanced provisions on lawful data processing, consent, data security, and penalties for non-compliance.
The investigation uncovered several breaches of data protection, consumer, and privacy laws by Meta. According to the FCCPC, Meta was found to have “appropriated the data of Nigerian users on its platforms without their consent, abused its market dominance by imposing exploitative privacy policies on users, and subjected Nigerians to discriminatory and disparate treatment compared to other jurisdictions with similar regulations.” Additionally, the Data Protection Commission noted that Meta failed to comply with the 2019 Regulations, did not engage a Data Protection Compliance Organisation, and neglected to file the necessary audit reports as mandated.
This fine marks the first significant penalty imposed on Meta in the region, echoing similar findings globally that Meta has not been providing users with genuine choices regarding opting out of intrusive data collection practices. The ruling signifies Nigeria’s commitment to enforcing robust data protection standards and holding global tech companies accountable for their practices.