IN a landmark move underscoring the power of judicial activism and regulatory oversight, Nigeria’s courts have come to the robust defence of ordinary citizens whose privacy and consumer rights were violated by Meta Platforms, the parent company of Facebook, WhatsApp, and Instagram.
The saga began with a sweeping 38-month investigation by Nigeria’s Federal Competition and Consumer Protection Commission (FCCPC), in collaboration with the Nigeria Data Protection Commission (NDPC), into Meta’s operations between May 2021 and December 2023. The probe revealed that Meta had appropriated the data of Nigerian users without their consent, abused its market dominance by imposing exploitative privacy policies, and treated Nigerian consumers in a discriminatory manner compared to users in other jurisdictions with similar regulations.
The investigation also found that Meta failed to comply with Nigeria’s evolving data protection framework, including the Data Protection Regulation of 2019 and the more comprehensive Data Protection Act of 2023, which introduced stricter requirements for lawful data processing, user consent, and data security.
On July 19, 2024, the FCCPC issued a final order imposing a $220 million fine on Meta for these violations. This penalty, the largest of its kind in the region, also included specific obligations for Meta to address its practices. The decision was not only about punishing past behaviour but also about setting a precedent for the protection of fundamental rights in the digital age.
Meta, represented by a seasoned legal team, challenged the fine at Nigeria’s Competition and Consumer Protection Tribunal. However, on April 25, 2025, the Tribunal upheld the $220 million penalty, affirming that the FCCPC had acted within the law and in accordance with the 1999 Constitution. The Tribunal concluded that Meta’s multiple actions-ranging from unauthorised data appropriation to discriminatory treatment-were correctly identified as violations and that the Commission had not erred in its findings.
The Tribunal also awarded the FCCPC $35,000 to cover investigation costs, further reinforcing the seriousness with which Nigerian authorities view consumer and data rights.
This case highlights a growing trend of judicial activism in Nigeria, where courts and regulatory agencies are increasingly willing to challenge powerful corporate interests to protect the rights of ordinary citizens. The effectiveness of such agencies and the courts’ willingness to uphold their decisions are crucial for the enforcement of consumer protection laws in a rapidly digitising society.
Previous court decisions, such as the Federal High Court’s affirmation of Nigerians’ data privacy rights in 2019, have paved the way for stronger enforcement and greater public awareness of these issues. The Meta case demonstrates that Nigeria’s legal system is capable of holding even the world’s largest technology companies accountable when they violate the rights of its citizens.
The upholding of the $220 million fine against Meta sends a clear message: in Nigeria, the courts and regulatory bodies are prepared to defend the privacy, dignity, and consumer rights of their people, even against the most powerful players in the digital economy. As digital platforms continue to shape the lives of billions, Nigeria’s stance stands as an example of how coordinated legal and regulatory action can protect fundamental rights in the age of Big Tech
DISCRIMINATORY PRACTICES BY META IDENTIFIED BY THE FCCPC
The FCCPC found that Meta engaged in several specific discriminatory practices against Nigerian users. These practices, which formed the basis for the $220 million fine, included:
- Inferior Privacy Protections Compared to Other Jurisdictions: Meta offered Nigerian users fewer privacy protections and controls than users in other regions, particularly Europe. This amounted to treating Nigerian consumers as second-class compared to those in jurisdictions with similar regulations.
- Lack of User Consent Mechanisms: Meta denied Nigerian users the right to control their own data. The company failed to provide adequate consent mechanisms, meaning Nigerians could not determine how their personal information was collected, processed, or shared.
- Unauthorised Data Sharing and Transfers: Meta was found to have shared Nigerian users’ data with Facebook and other third parties without proper consent or legal safeguards, violating local data protection laws.
- Imposition of Unfair Privacy Policy Updates: The FCCPC determined that Meta’s 2021 privacy policy update was unfairly imposed on Nigerian users without transparency or meaningful choice, unlike the approach taken in other markets.
- Tying and Bundling Practices: Meta forced Nigerian users to accept unnecessary data collection as a condition for using essential services like WhatsApp, a practice not equally enforced elsewhere.
- Failure to Comply with Local Regulatory Requirements: Meta did not appoint a Data Protection Compliance Organisation or file mandatory audit reports in Nigeria, further highlighting its disregard for local consumer protections.
Abuse of Market Dominance: Leveraging WhatsApp’s popularity in Nigeria, Meta used its dominant position to push these exploitative and discriminatory practices on Nigerian consumers.
