Nigeria’s Federal Competition and Consumer Protection Commission (FCCPC) has fined Meta $220 million for violating Nigerian data protection and privacy laws on its social platforms. The FCCPC stated that Meta appropriated data from Nigerian users without their consent, abused its market dominance by enforcing exploitative privacy policies, and subjected Nigerians to discriminatory treatment compared to other jurisdictions with similar regulations.

“The Final order also imposes a monetary penalty of Two Hundred and Twenty Million U.S. Dollars only ($220,000,000.00) (at prevailing exchange rate where applicable) which penalty is in accordance with the FCCPA 2018, and the Federal Competition and Consumer Protection (Administrative Penalties) Regulations 2020 (APR),” said the FCCPC in a statement shared on X.

Meta responded to document requests and summons by providing some information and engaging the Commission via its counsel. The investigations, conducted jointly with Nigeria’s Data Protection Commission, spanned over 38 months and revealed that Meta’s policies did not allow users to withhold consent for the collection, use, and sharing of personal data.

“The totality of the investigation has concluded that Meta over the protracted period of time has engaged in conduct that constituted multiple and repeated, as well as continuing infringements… particularly, but not limited to abusive, and invasive practices against data subjects in Nigeria,” said FCCPC chief Adamu Abdullahi. “Being satisfied with the significant evidence on the record, and that Meta has been provided every opportunity to articulate any position, representations, refutations, explanations or defences of their conduct, the Commission has now entered a final order and issued a penalty against Meta.”

The final order mandates specific steps and actions Meta must take to comply with local laws.

This is not the first fine Meta has faced. In May, Turkey’s competition board fined Meta 1.2 billion lira for data-sharing violations on its Facebook, Instagram, Threads, and WhatsApp platforms. Additionally, Ireland’s Data Protection Commission fined Meta 1.2 billion euros ($1.3 billion) and ordered it to stop transferring data collected from Facebook users in Europe to the United States.

While Meta is expected to appeal the Nigerian fine, this case highlights the increasing scrutiny technology companies face regarding data privacy. Some commentators have criticized the government, pointing out that Nigeria’s Identity Management Commission (NIMC) was involved in a data breach that exposed and monetized the identification numbers of over 100 million Nigerians, yet no action was taken.

Under Nigeria’s Data Protection Act, companies found guilty of violations, including data breaches, may be fined a maximum of ₦10 million or 2% of their annual gross revenue in the preceding year. Meta’s fine in Nigeria is about 0.16% of Meta’s $131 billion generated in 2023.

Hyperscalers Convergence Africa 2024

We are hosting senior executives in digital infrastructure at the Hyperscalers Convergence Africa (HCA) conference. HCA brings together Africa’s digital decision-makers and enablers, facilitating inclusive dialogue and fostering strategic partnerships to build innovative and sustainable solutions. This initiative aims to address the infrastructural challenges hindering the continent’s progress towards a connected digital economy. Register here.