Nigerian Federal Government Imposes $220 Million Fine on Meta for Data Privacy Violations
The Nigerian Federal Government has fined Meta Platforms Inc. $220 million for multiple data privacy violations, including unauthorized data transfer and cross-border storage breaches. Learn more about the details of the fine and the government's commitment to protecting citizens' personal information.
Meta Platforms Inc., the parent company of WhatsApp, Facebook, and Instagram, has been fined $220 million by the Nigerian Federal Government for alleged data privacy violations.
On Friday, July 19, the Federal Competition and Consumer Protection Commission (FCCPC) announced the fine, citing breaches of the Federal Competition and Consumer Protection Act (FCCPA) 2018 and the Federal Competition and Consumer Protection (Administrative Penalties) Regulations 2020 (APR).
Adamu Abdullahi, the FCCPC's Acting Chief Executive Officer, stated that Meta committed several infractions, including unauthorized data transfer and sharing, cross-border storage violations, discrimination, abuse of dominance, and tying and bundling practices. Additionally, Meta was accused of denying Nigerian data subjects the right to control their personal data.
This fine underscores the Nigerian government's commitment to enforcing data privacy laws and protecting its citizens' personal information. The FCCPC's action is part of a broader global trend of increased scrutiny and regulation of tech companies regarding data privacy issues.
The FCCPC's statement emphasized:
“On May 2021, the Federal Competition and Consumer Protection Commission (Commission) based on available evidence and sufficient probable cause issued an Order and Notice to Show Cause (ONSC) to WhatsApp LLC and Meta Platforms, Inc. (formerly called Facebook Inc.) jointly referred to as ‘Meta Parties’ in respect to this investigation.
“The subject of the ONSC was to relay the Commission’s investigative report in respect of its findings that the Meta Parties by their conduct have violated the above stated provisions of the FCCPA and NDPR (which was in force prior to the enactment and operationalisation of the NDPA (Nigeria Data Protection Act), 2023) and for the Meta Parties to show reasonable cause why the Commission should not proceed to enter its orders as final and enforceable pursuant to the FCCPA, particularly sections 17, 18, 155, and 159.
“Between May 2021 and December 2023, and over this period of 38 months, a joint investigation by the Commission, and the Nigeria Data Protection Commission (NDPC) into Meta Parties conduct, privacy policies, the operation thereof, and Meta Parties practices has evolved.
“Meta Parties have provided some information/evidence that are in part responsive to document requests and summons under the joint investigation.
“Meta Parties by themselves, and retained counsels have also repeatedly engaged with, and met with investigators and analysts from the Commission, and the NDPC, including as recently as April 4, 2024.
“The totality of the investigation has concluded that Meta Parties over a protracted period of time have engaged in conduct that constitute multiple and repeated, as well as continuing infringements of the FCCA and NDPR, particularly, but not limited to abusive, and invasive practices against data subjects/consumers in Nigeria, such as appropriating personal data or information without consent, discriminatory practices against Nigerian data subjects/consumers or disparate treatment of consumers/data subjects compared with other jurisdictions with similar regulatory frameworks, abuse of dominant market position by forcing unscrupulous, exploitative, and non-compliant privacy policies which appropriated consumer personal information without the option or opportunity to self-determine or otherwise withhold or provide consent to the gathering, use, and/or sharing of such personal data.
“Being satisfied with the significant evidence on the record, and that Meta Parties have been provided every opportunity to articulate any position, representations, refutations, explanations or defences of their conduct and practices under law, the Commission have now entered a Final Order, and issued a penalty against Meta Parties.
“The Final Order more elaborately describes the specific conduct or practices of the Meta Parties, relationship between Meta Parties with respect to the infringements, particularly with regard to: Denying Nigerian data subjects the right to self-determine; Unauthorized transfer and sharing of Nigerian data-subjects personal data, including cross- border storage in violation of then, and now prevailing law; Discrimination and disparate treatment; Abuse of Dominance; and Tying and bundling.
“The Final Order of the Commission mandates steps and actions Meta Parties must take to comply with prevailing law and cease the exploitation of Nigerian consumers and their market abuse, as well as desist from future similar or other conduct/practices that do not meet nationally applicable standards and undermine the rights of consumers.
“The Final order also imposes a monetary penalty of Two Hundred and Twenty Million U.S. Dollars only ($220,000,000.00) (at prevailing exchange rate where applicable) which penalty is in accordance with the FCCPA 2018, and the Federal Competition and Consumer Protection (Administrative Penalties) Regulations 2020 (APR).”
What's Your Reaction?