FCCPC fines Meta $220m over alleged data violations on Facebook and WhatsApp

The Federal Competition and Consumer Protection Commission (FCCPC), in collaboration with the Nigeria Data Protection Commission (NDPC), has completed an extensive investigation into Meta Platforms, Inc. (formerly Facebook Inc.), and its subsidiary WhatsApp LLC.

The investigation centred on alleged violations of the Federal Competition and Consumer Protection Act (FCCPA) 2018, Nigeria Data Protection Regulation (NDPR) 2019, and other relevant laws.

The investigation commenced in May 2021 and spanned 38 months. It involved a thorough review of Meta’s conduct and privacy practices, focusing on potential breaches affecting Nigerian consumers, according to a statement signed by the Acting Executive Vice Chairman, and CEO of the FCCPC, Adamu Abdullahi.

Key findings from the investigation

The investigation uncovered several significant violations by the tech giant, which were detailed in the FCCPC’s release:

1. Unauthorised data practices: Meta was found to have engaged in the unauthorised transfer and sharing of Nigerian data subjects’ personal information without consent. This included cross-border data storage in violation of prevailing laws.
2. Discriminatory practices: The investigation revealed discriminatory practices against Nigerian data subjects, with Meta treating them less favourably compared to users in other jurisdictions with similar regulatory frameworks.
3. Abusive market practices: Meta exploited its dominant market position by enforcing non-compliant privacy policies and engaging in unscrupulous practices that compromised consumer personal information without offering options for self-determination or consent.
4. Failure to meet national standards: Meta’s practices were exploitative and failed to meet nationally applicable standards, undermining consumer rights in Nigeria.

Legal proceedings and penalties

Following the investigation, the FCCPC issued a series of orders and penalties against Meta, including:

• Cessation of non-compliant Practices: The social media company must cease its exploitative practices and comply with Nigerian laws regarding data privacy and consumer protection.
• Remediation steps: Specific actions must be undertaken by Meta to address the violations, including:
• Ensuring Nigerian consumers’ right to self-determine their data.
• Compliance with statutory requirements for data transfer and storage.
• Monetary penalty: Meta is fined $220 million ($220,000,000.00) to be paid into the Treasury Single Account (TSA) of the Federal Government of Nigeria.

According to the statement, throughout the investigation, the tech company engaged with the FCCPC and NDPC, providing information and evidence. However, the final order emphasised the severity of the violations and the need for Meta to align its practices with Nigerian laws to protect consumer rights effectively.

Dr. Abdullahi said, “The Commission remains committed to its mandates to protect the privacy of Nigerians under the Constitution and all data protection laws and regulations, as well as to ensure that consumer rights are respected, and the markets operate in a fair and transparent manner.“