THE CABLE NG
The Federal Competition and Consumer Protection Commission (FCCPC), on July 19, imposed a fine of $220 million on Meta for multiple data privacy violations. This comes just four months after the government asked Binance to pay “$10 million for illegal transactions”.
Meta is the parent company of WhatsApp, Facebook, and Instagram.
The consumer protection commission, in a statement, said the action was in accordance with the FCCP Act of 2018 and the Federal Competition and Consumer Protection (administrative penalties) Regulations 2020 (APR).
Adamu Abdullahi, FCCPC’s acting chief executive officer (CEO), said the penalty followed a joint investigation by the agency, and the Nigeria Data Protection Commission (NDPC) into Meta platforms’ conduct, privacy policies, the operation thereof, and practices between May 2021 and December 2023.
WHY THE INVESTIGATION
In response to complaints by users of the said platforms, the FCCPC issued an order and notice to show cause (ONSC) in May 2021 to WhatsApp LLC and Meta Platforms Inc — jointly referred to as ‘Meta Parties’ — based on available evidence and sufficient probable cause.
“The subject of the ONSC was to relay the commission’s investigative report in respect of its findings that the Meta Parties by their conduct have violated the above stated provisions of the FCCPA and NDPR (which was in force prior to the enactment and operationalisation of the NDPA (Nigeria Data Protection Act, 2023) and for the Meta Parties to show reasonable cause why the commission should not proceed to enter its orders as final and enforceable pursuant to the FCCPA, particularly sections 17, 18, 155, and 159,” the notice had read.
According to the commission, a joint investigation was carried out between May 2021 and December 2023.
“Over this period of 38 months, a joint investigation by the Commission, and the Nigeria Data Protection Commission (NDPC) into Meta Parties conduct, privacy policies, the operation thereof, and Meta Parties practices has evolved,” the agency said.
“Meta Parties have provided some information/evidence that are in part responsive to document requests and summons under the joint investigation.”
It is understood that the FCCPC and Meta Parties also repeatedly engaged, and met with investigators and analysts from the commission and the NDPC, including as recently as April 4, 2024.
META’S OFFENCES
After a three-year probe, the commissioned said it found out that Meta has collected and shared data of Nigerian users on Facebook and WhatsApp “without their consent” for years — a violation of Nigeria’s data protection laws (NDPA, Section 39).
According to the agency, the investigation also revealed that Meta might have treated Nigerian users differently compared to those in other countries with similar regulations.
The FCCPC said the company abused its dominant market position to enforce unfair privacy policies that favour them over users’ privacy.
“The totality of the investigation has concluded that Meta Parties over a protracted period of time have engaged in conduct that constitute multiple and repeated, as well as continuing infringements of the FCCPA and NDPR,” the commission said.
“Particularly, but not limited to abusive, and invasive practices against data subjects/consumers in Nigeria, such as appropriating personal data or information without consent, discriminatory practices against Nigerian data subjects/consumers or disparate treatment of consumers/data subjects compared with other jurisdictions with similar regulatory frameworks.
“Abuse of dominant market position by forcing unscrupulous, exploitative, and non-compliant privacy policies which appropriated consumer personal information without the option or opportunity to self-determine or otherwise withhold or provide consent to the gathering, use, and/or sharing of such personal data.”
WHY A FINAL ORDER WAS ISSUED
The FCCPC said a final order was issued when there was no response from Meta despite having provided every opportunity to “articulate any position, representations, refutations, explanations or defences of their conduct and practices under law”.
The final order highlighted the conduct or practices of Meta to include denying Nigerian data subjects the right to self-determine, unauthorised transfer and sharing of Nigerian data-subjects personal data, as well as cross-border storage in violation of then, and now prevailing law.
Others are discrimination and disparate treatment; abuse of dominance; and tying and bundling, the commission said.
“The final order of the commission mandates steps and actions Meta Parties must take to comply with prevailing law and cease the exploitation of Nigerian consumers and their market abuse, as well as desist from future similar or other conduct/practices that do not meet nationally applicable standards and undermine the rights of consumers,” the FCCPC added.
THE $220 MILLION PENALTY
The commission’s final order attracted a monetary penalty of $220,000,000 — at the prevailing exchange rate where applicable.
The penalty is said to be in accordance with the FCCPA 2018, and the Federal Competition and Consumer Protection (Administrative Penalties) Regulations of 2020 (APR).