The Federal Competition and Consumer Protection Commission (FCCPC) has imposed a $220 million fine on Meta, the parent company of WhatsApp, Facebook, and Instagram, for multiple data privacy violations.
In a statement released on Friday, July 19, 2024, the Acting Chief Executive Officer for FCCPC, Adamu Abdullahi, stated that the penalty is in line with the FCCPA 2018 and the Federal Competition and Consumer Protection (Administrative Penalties) Regulations 2020 (APR).
According to Mr Abdullahi, the fine follows a joint investigation of Meta’s practices and privacy policies between May 2021 and December 2023 by the FCCPC and the Nigeria Data Protection Commission (NDPC).
He said that after a 38-month investigation, the commission found Meta guilty of denying Nigerians the right to self-determination.
Details of FCCPC NDPC investigation
The investigation, Mr Abdullahi said, also showed unauthorized transfer and sharing of Nigerian data, including cross-border storage, discrimination and disparate treatment, abuse of dominance, and tying and bundling.
The statement read, “On May 2021, the Federal Competition and Consumer Protection Commission (Commission) based on available evidence and sufficient probable cause issued an Order and Notice to Show Cause (ONSC) to WhatsApp LLC and Meta Platforms, Inc. (formerly called Facebook Inc.) jointly referred to as ‘Meta Parties’ in respect to this investigation.”
Mr Abdullahi noted that the subject of the ONSC was to relay the commission’s investigative report in respect of its findings which revealed that, the Meta Parties, by their conduct have violated the provisions of the FCCPA and NDPR.
This, he said was in force before the enactment and operationalisation of the NDPA (Nigeria Data Protection Act), 2023) and for the Meta Parties to show reasonable cause why the commission should not proceed to enter its orders as final and enforceable pursuant to the FCCPA, particularly sections 17, 18, 155, and 159.
The commission further stated that Meta Parties have provided some information and evidence that are in part responsive to document requests and summons under the joint investigation.
Mr Abdullahi added, “Meta Parties by themselves, and retained counsels have also repeatedly engaged with, and met with investigators and analysts from the Commission, and the NDPC, including as recently as April 4, 2024.”
Meta’s violations on Nigerian consumers
According to FCCPC, the commission’s investigation concluded that Meta Parties over a protracted period have engaged in conduct that constitutes multiple and repeated, as well as continuing infringements of the FCCA and NDPR, particularly, but not limited to abusive, and invasive practices against data subjects/consumers in Nigeria.
Some of these practices reeled out by the commission include appropriating personal data or information without consent, discriminatory practices against Nigerian data subjects and consumers, disparate treatment of consumers and data subjects compared with other jurisdictions with similar regulatory frameworks and abuse of dominant market position by forcing unscrupulous.
Others are exploitative, and non-compliant privacy policies which appropriated consumer personal information without the option or opportunity to self-determine or otherwise withhold or provide consent to the gathering, use, and/or sharing of such personal data.
“Being satisfied with the significant evidence on the record, and that Meta Parties have been provided every opportunity to articulate any position, representations, refutations, explanations or defences of their conduct and practices under law, the commission has now entered a final order and issued a penalty against Meta Parties,” it said.
