FCCPC imposes $220m fine on Meta for data privacy violations

0
148
Spread the love

The Federal Competition and Consumer Protection Commission (FCCPC) has imposed a fine of $220 million on Meta, parent company of WhatsApp, Facebook, and Instagram, for multiple data privacy violations.

According to a statement on Friday signed by Adamu Abdullahi, FCCPC’s acting chief executive officer, the penalty is in accordance with the FCCPA 2018, and the Federal Competition and Consumer Protection (administrative penalties) Regulations 2020 (APR).

FCCPC said the penalty follows a joint investigation by FCCPC, and the Nigeria Data Protection Commission (NDPC) into Meta platforms’ conduct, privacy policies, the operation thereof, and practices between May 2021 and December 2023, and over this period of 38 months.

The commission said it found Meta culpable of denying Nigerians the right to self-determine, unauthorised transfer and sharing of Nigerian data, including cross-border storage in violation; discrimination and disparate treatment, abuse of dominance, and tying and bundling.

“On May 2021, the Federal Competition and Consumer Protection Commission (Commission) based on available evidence and sufficient probable cause issued an Order and Notice to Show Cause (ONSC) to WhatsApp LLC and Meta Platforms, Inc. (formerly called Facebook Inc.) jointly referred to as ‘Meta Parties’ in respect to this investigation,” FCCPC said.

“The subject of the ONSC was to relay the Commission’s investigative report in respect of its findings that the Meta Parties by their conduct have violated the above stated provisions of the FCCPA and NDPR (which was in force prior to the enactment and operationalisation of the NDPA (Nigeria Data Protection Act), 2023) and for the Meta Parties to show reasonable cause why the Commission should not proceed to enter its orders as final and enforceable pursuant to the FCCPA, particularly sections 17, 18, 155, and 159.

“Between May 2021 and December 2023, and over this period of 38 months, a joint investigation by the Commission, and the Nigeria Data Protection Commission (NDPC) into Meta Parties conduct, privacy policies, the operation thereof, and Meta Parties practices has evolved.

“Meta Parties have provided some information/evidence that are in part responsive to document requests and summons under the joint investigation.

“Meta Parties by themselves, and retained counsels have also repeatedly engaged with, and met with investigators and analysts from the Commission, and the NDPC, including as recently as April 4, 2024.

“The totality of the investigation has concluded that Meta Parties over a protracted period of time have engaged in conduct that constitute multiple and repeated, as well as continuing infringements of the FCCA and NDPR, particularly, but not limited to abusive, and invasive practices against data subjects/consumers in Nigeria, such as appropriating personal data or information without consent, discriminatory practices against Nigerian data subjects/consumers or disparate treatment of consumers/data subjects compared with other jurisdictions with similar regulatory frameworks, abuse of dominant market position by forcing unscrupulous, exploitative, and non-compliant privacy policies which appropriated consumer personal information without the option or opportunity to self-determine or otherwise withhold or provide consent to the gathering, use, and/or sharing of such personal data.

“Being satisfied with the significant evidence on the record, and that Meta Parties have been provided every opportunity to articulate any position, representations, refutations, explanations or defences of their conduct and practices under law, the Commission have now entered a Final Order, and issued a penalty against Meta Parties.

“The Final Order more elaborately describes the specific conduct or practices of the Meta Parties, relationship between Meta Parties with respect to the infringements, particularly with regard to: Denying Nigerian data subjects the right to self-determine; Unauthorized transfer and sharing of Nigerian data-subjects personal data, including cross- border storage in violation of then, and now prevailing law; Discrimination and disparate treatment; Abuse of Dominance; and Tying and bundling.

“The Final Order of the Commission mandates steps and actions Meta Parties must take to comply with prevailing law and cease the exploitation of Nigerian consumers and their market abuse, as well as desist from future similar or other conduct/practices that do not meet nationally applicable standards and undermine the rights of consumers.

“The Final order also imposes a monetary penalty of Two Hundred and Twenty Million U.S. Dollars only ($220,000,000.00) (at prevailing exchange rate where applicable) which penalty is in accordance with the FCCPA 2018, and the Federal Competition and Consumer Protection (Administrative Penalties) Regulations 2020 (APR).”

The commission reiterated its commitment to protecting the privacy of Nigerians under the constitution and all data protection laws and regulations, as well as ensuring that consumer rights are respected, and the markets operate fairly and transparently.

FCCPC acknowledged the collaboration with the NDPC, adding that this joint investigation demonstrates the mutual desire to ensure compliance with the law and that misconduct leads to appropriate accountability.

Leave a reply