Beyond N352bn fine: What FCCPC and Meta must do next

BY TIMI OLAGUNJU

In July 2024, Nigeria made headlines, not for oil, Afrobeats, or Nollywood, but for data. The Federal Competition and Consumer Protection Commission (FCCPC), in partnership with the Nigeria Data Protection Commission (NDPC), concluded a 38-month investigation into Meta Platforms [Facebook, WhatsApp, and Instagram]. The outcome: a hefty N352,843,436,000.00 Naira [$220 million] fine, citing violations that included unauthorised sharing of user data, failure to provide opt-out mechanisms, and applying inferior privacy standards to Nigerians compared to Europeans and Americans. The message was clear: Nigeria is no longer a passive consumer of tech platforms; it is an assertive regulator of digital rights.

Meta’s response? A familiar playbook: threaten to pull out. It is a tactic the company previously used in Europe when facing GDPR restrictions. In Nigeria, however, this veiled exit threat strikes a different chord. With over 30 million Facebook users, 12.6 million on Instagram, and 51 million active on WhatsApp, Meta’s platforms are socio-economic lifelines, communication highways, and e-town halls for many Nigerians, with limited options.

The FCCPC argues that, in the EU, users are presented with clear opt-in and opt-out tools, often delivered through in-app prompts. They are informed before their data is used to train AI systems or sold to advertisers. In Nigeria? No notice. No choice. No opt-out. Legally, the FCCPC acted within its powers. Section 51(2) of the FCCPA empowers the commission to impose reasoned fines, not exceeding 10% of a company’s Nigerian turnover, for unfair or exploitative practices. In this case, the agency also cited Sections 70 through 76 to address Meta’s abuse of market dominance, particularly through WhatsApp and Facebook. But enforcement must walk in step with clarity, proportionality, and diplomacy.

If reports are accurate, Meta’s estimated annual revenue in Nigeria is between $200 and $300 million. A $220 million fine, representing more than 70%, and potentially up to 110% of that revenue, far exceeds the 10% legal cap and raises serious questions about proportionality. It is legally and economically difficult to defend. By comparison, the European Union’s €1.2 billion fine in 2023 for illegal data transfers represented just 3.2% of Meta’s EU revenue. A reasonable fine, aligned with Nigerian law and global benchmarks, would fall between $2 million and $20 million, ensuring enforcement is firm, fair, and legally defensible.

Meta’s problems in Nigeria are not limited to data. The Advertising Regulatory Council of Nigeria (ARCON) has also imposed a $37.5 million fine for broadcasting ads without regulatory approval. That’s two major agencies enforcing distinct mandates in silos. Nigeria’s digital oversight framework is maturing, but fragmentation threatens progress. What is urgently needed is a Memorandum of Understanding (MoU) between FCCPC, NITDA, NDPC, and ARCON, with clear lead-agency protocols, breach reporting systems, and coordinated enforcement pathways. This would prevent overlap and signal to companies, both local and foreign, that Nigeria is coherent, competent, and consistent.

But Meta must also read the room. Nigeria may not yet control the cloud, but it controls something far more valuable: the attention, data, and trust of over 100 million users. In Africa, data is the new oil, and Nigeria holds the reserves. Meta should drop the threats and lead with compliance. If it can design AI data opt-outs for European users, it can do the same for Nigerians. If it can honour GDPR in Germany, it can comply with the NDPA in Nigeria. The choice is not between leaving or staying; it is between confrontation and collaboration.

To the FCCPC and NDPC, this is not just about setting a precedent. It is about defining a principle: that Nigerian users deserve equal treatment, transparent terms, and dignified digital rights. Enforcement should not only punish but persuade, through public education, tiered compliance models, and conditional settlement offers that reward reform. The FCCPC may consider restructuring the fine to a base amount of $20 million, in line with the 10% legal cap or even less, and offer conditional waivers of up to $10 million or even $15 million, if Meta introduces localized consent mechanisms, publishes Nigeria-specific transparency reports, and aligns its data protections with those offered in the EU.

Additionally, NITDA, FCCPC and NDPC should lead in establishing a West African Digital Accountability Taskforce under ECOWAS and/or AfCFTA, enabling joint investigations, harmonised sanctions, and cross-border enforcement against Big Tech. This would help ensure that digital sovereignty in Africa cannot be undermined by jurisdictional fragmentation or regulatory inconsistency.

Meta is watching. So is Silicon Valley. And so is the continent. Nigeria and South Africa remain the only African countries to impose serious sanctions on Meta. Others, such as Egypt, Kenya, Uganda, and Zambia, are watching and weighing their next steps. If Nigeria succeeds in transforming this moment from confrontation to systemic reform, it will not only win a case, it will set a bold precedent for the Global South.

Timi Olagunju is a lawyer and AI governance, public policy expert, a Master in Public Administration (MPA)/Mason Fellow, Harvard University’s Kennedy School of Government. He is a partner, The Timeless Practice in Lagos; a former policy fellow at Global Integrity in Washington, D.C; a 2024 Internet Society EC Fellow; an IRI Gen-Dem Advisory Board member; and a recipient of the Mandela Washington Fellowship in 2015. You can follow him on Twitter @timithelaw