Tag: fccpc

iPhone Counterfeiting in Nigeria: Legal Insights and Consumer Protection Guide.

aeolawpractice
Phot Credit: Pixabay

In recent weeks, Nigeria’s social media platforms have been ablaze with shocking revelations about a sophisticated scam involving fake iPhones. Videos and posts circulating on platforms like Instagram and X (formerly Twitter) expose how unscrupulous vendors are repackaging outdated models, such as the iPhone XR, into boxes mimicking the latest iPhone 17 Pro Max. One viral clip shows a buyer dismantling a supposed “new” iPhone 17 only to discover an old XR inside, sparking outrage and debates among X influencers like VeryDarkMan and Blord_Official. The Guardian Newspaper suggests that numerous iPhones in the Nigerian market could be refurbished or counterfeit, often sourced from China and sold at inflated prices to unsuspecting buyers. This phenomenon is more than simply a matter of consumer disappointment: it points to a broader challenge of counterfeiting, brand-erosion and non-compliance to business laws in Nigeria’s electronics market.

Against this backdrop, it is crucial for both consumers and distributors to understand what counterfeiting means in legal terms, how Nigeria’s intellectual-property and consumer-protection laws address it, and how one can be protected. This article sets out what “counterfeiting” entails, examines Nigerian legal provisions including the Trademarks Act 1965, Merchandise Marks Act 1916 and Federal Competition & Consumer Protection Act 2018 whilst providing practical guidance for distributors and consumers in the smartphone market.

What Does Counterfeiting Mean?

Counterfeiting goes beyond mere imitation of a product. At its heart, counterfeiting involves the unauthorised reproduction of genuine goods — or the mis-labelling of goods — in a way that misleads consumers into believing they are acquiring authentic products when they are not. In the context of smartphones such as Apple’s iPhone, counterfeit practices may involve the use of Apple’s distinctive Apple logo, the “iPhone” model name, serial-number formats or packaging features, all without any authorisation from ‎Apple Inc.. The aim is deceiving consumers to believe they are buying a premium, genuine product but end up with an inferior one (or, worse, one that is unsafe).

Globally, counterfeiting is a multibillion-dollar illicit enterprise; in Nigeria, high demand for premium electronics amid economic pressures make consumers vulnerable. The viral exposé of fake iPhones in Nigeria serves as a stark accusation of vendors resealing older devices in packaging branded as newer models, or even converting Android devices to mimic iPhone hardware or user interface features, then selling them as top-tier iPhones. These goods frequently under-perform, fail prematurely and may present safety risks (for example, battery failure or overheating).

It is important to distinguish counterfeits from legitimate imitation. The latter may involve making a product that is functionally similar or inspired by another, but does not copy protected elements (for example, branding, packaging or logos) in a way that misleads the consumer. By contrast, counterfeits deliberately replicate protected elements or use confusingly similar marks, packaging or trade dress so that the consumer is deceived into believing they are purchasing the genuine article. Under intellectual‐property (IP) law, that deception constitutes a misappropriation of brand identity, undermines legitimate trademark ownership and erodes consumer trust. In the Nigerian context, where a large portion of electronics are imported and where government revenue from duties and taxes on genuine products is significant, counterfeiting also contributes to state revenue leakage and market distortion.

Nigerian Intellectual Property and Consumer-Protection Laws on Counterfeiting

Nigeria does not have a single dedicated “anti-counterfeiting statute”; rather, the legislative framework spans multiple statutes that together provide civil and criminal remedies and consumer-protection mechanisms. The key statutes implicated in counterfeiting include the Trademarks Act, the Merchandise Marks Act, and consumer-protection laws such as the FCCPA, together with enforcement authorities such as the ‎Federal Competition and Consumer Protection Commission (FCCPC). Below we focus on the legislative basis, and then examine in particular the Merchandise Marks Act and its intersection with the Trademarks Act and FCCPA.

The Trademarks Act (CAP T13 LFN 2004)

The primary legislation governing the registration, protection and enforcement of trademarks in Nigeria is the Trademarks Act (Cap T13, Laws of the Federation of Nigeria 2004). Under section 5(2) of the Act, the proprietor of a registered trademark may restrain unauthorised use of that mark on identical or similar goods where there is a likelihood of confusion. The Act defines a trademark in terms consistent with international norms: a mark used or proposed to be used in relation to goods for the purpose of indicating a connection between those goods and a person who has the right either as proprietor or registered user.

Registration under the Act gives the owner the exclusive right to use the mark in relation to the specified goods and to take action for infringement in the Federal High Court of Nigeria. In practice, unregistered trademarks may still afford a cause of action in passing off under common law, but the statutory route under the Trademarks Act is only available to registered proprietors.

The Act complements the registration regime with civil remedies (such as injunctive relief, account of profits, damages and delivery up of infringing goods) and enforcement mechanisms.

The Merchandise Marks Act (CAP M10 LFN 2004)

The Merchandise Marks Act is a crucial statute that targets counterfeit goods and false trade descriptions. It was originally derived from the UK Merchandise Marks Act (1916) but as applied in Nigeria (Cap M10, LFN 2004).

Under section 1 of the Act, the term “false trade description” is defined broadly, including any description that is false or misleading in a material respect regarding the goods to which it is applied, as well as any alteration of description that renders it false or misleading. Further, the Act makes it an offence for any person to forge a trade mark, falsely apply a trade mark or a mark so nearly resembling a trade mark as to be calculated to deceive. Section 2(1) makes offences of forging trade marks or applying trade descriptions. Section 2(2) criminalises the sale or exposure for sale of goods bearing forged marks or false trade descriptions. The penalties arising from a High Court decision includes imprisonment of up to two years (or a fine, or both). The Act also empowers forfeiture of goods, instruments, or chattels used in the commission of the offence.

Critically, commentators have questioned whether the Act remains fully fit for purpose in the modern Nigerian market, given that it has seen few substantive updates despite the evolution of counterfeiting methods.

FCCPA 2018 – The Federal Competition and Consumer Protection Act

In addition to IP-specific legislation, Nigeria has a modern consumer-protection and competition statute: the FCCPA 2018. The Act established the Federal Competition and Consumer Protection Commission (FCCPC) and the Competition and Consumer Protection Tribunal, and empowers the FCCPC to eliminate anti-competitive practices, misleading or deceptive marketing and trading behaviour, and to ensure safe products for consumers. Section 17(g), (l), (m), (p), (r), (s) and (t) enumerates the functions of the Commission including removal of hazardous or substandard products, preventing deceptive practices, and regulating trading practices that harm consumer welfare.

While the Trademarks Act focuses on the rights of trademark proprietors and enforcement of exclusive use, and the Merchandise Marks Act targets false trade descriptions, the FCCPA 2018 broadens the regulatory landscape to include consumer protection within the competitive market. That is important in the context of counterfeit goods, because it allows regulatory intervention not only by trademark owners, but also by the consumer-protection authority in relation to misleading representations, unsafe goods, and deceptive trading practices.

Intersection of the Merchandise Marks Act, Trademarks Act and FCCPA 2018

Understanding how these statutes interplay helps clarify how counterfeiting is addressed in Nigeria. First, the Trademarks Act provides the civil and criminal framework for misuse of registered trademarks: once a mark is registered under the Act, any unauthorised use of that mark on identical or similar goods that is likely to cause confusion constitutes infringement (statutory infringement) and enables the proprietor to sue.

Second, the Merchandise Marks Act complements this by criminalising, more broadly, the forgery of trademarks and the application of false trade descriptions – even on unregistered marks or on trade descriptions that do not necessarily amount to registered trademarks. By doing so, it targets counterfeit goods at the point of mis-labelling, false descriptions, or the use of a mark so similar as to mislead consumers. Thus, the Merchandise Marks Act may apply in instances where a product uses a mark that is not registered in Nigeria but nonetheless is deceptively similar or employs false description of origin.

Third, the FCCPA 2018 provides institutional and regulatory reinforcement: when counterfeit goods are being distributed, sold or advertised, the FCCPC has the power to investigate, seize products, impose sanctions for misleading or deceptive practices, and issue directives to protect consumers. For example, under section 17(g) of the FCCPA, the Commission can act to “eliminate unfair, misleading, or deceptive or unconscionable practices” in business or trade.

In practice, the distributor of counterfeit goods in Nigeria may face legal exposure on multiple fronts if any iPhone authorised dealer decides to enforce its right under (a) the Trademarks Act, for infringement of registered trademark rights; (b) the Merchandise Marks Act, for forging or falsely applying marks or descriptions; and (c) the FCCPA 2018, for engaging in misleading trade practices that harm consumers. Meanwhile, enforcement agencies such as the Nigerian Customs Service, the Standards Organisation of Nigeria (SON) and the FCCPC may act in parallel to effect seizures, raids and regulatory sanctions.

For consumers and distributors, the practical implication is that counterfeit-based risks are not merely commercial or reputational; they are legal and regulatory. The combination of these laws means that counterfeit goods, especially those masquerading as premium electronics, can trigger criminal liability (via the criminal provisions of the Merchandise Marks Act), civil liability (via infringement actions under the Trademarks Act) and regulatory penalties (via the FCCPC under FCCPA 2018).

Practical Guidance for Phone Distributors

For those operating as distributors or retailers in Nigeria’s busy smartphone markets, the exposure connected with dealing in counterfeit or mis-described goods is significant. Under the Trademarks Act, distribution of infringing goods is liable to legal action; even if a distributor claims ignorance of the counterfeiting at the supply stage, such a defence may not always succeed. The Merchandise Marks Act explicitly provides that a person who sells or exposes for sale goods bearing forged marks or false trade descriptions is guilty of an offence unless they can prove that they took all reasonable precautions and at the time of the act had no reason to suspect the genuineness of the goods and provided all information in their power about the supplier.

Moreover, the FCCPA 2018 empowers the FCCPC to carry out investigations and to seal premises involved in sale or distribution of counterfeit or hazardous goods. Under section 17(p) FCCPA, the Commission is expected to encourage trade, industry, and professional groups to set and enforce quality standards that protect consumers’ interests while, subsection (s) of the aforementioned section obligates the Commission to ensure that consumers’ interests are properly considered in relevant forums and provide remedies against unfair practices or exploitation by businesses or individuals..

From an ethical and business-practical perspective, distributors should ensure they source products through authorised supply chains, verify that the products bear proper certification (e.g., genuine packaging, serial numbers, warranty documentation) and conduct due diligence on suppliers. Ignoring these steps not only undermines trust but also leaves the distributor vulnerable to enforcement actions, seizures by SON or customs, and reputational damage. Indeed, distributors who become associated with viral exposés of fake devices may suffer boycotts, shutdowns or forfeiture of stock.

For authorised dealers working with brands like Apple, and sellers on eCommerce platforms like Jumia and Konga, implementing traceability measures (authenticity apps, holograms, serial-check features) and training staff to identify counterfeit devices helps reduce risk. For example, ensuring devices are verified via Apple’s serial-number checking tools gives consumers confidence and helps minimise returns. Regular auditing of supply chain, maintaining records of purchase and supply, and co-operating with enforcement agencies when requested are also wise practices.

Practical Advice for Consumers

Consumers are frequently the victims in counterfeit-device schemes: they may pay premium prices for what they believe is a genuine iPhone, but end up with a refurbished model, a fake device, or an older model repackaged as new. The consequences include no valid warranty, poor device performance, safety hazards (such as battery failure or overheating) and the difficulty of obtaining effective redress. Under the FCCPA 2018, consumers have greater regulatory protection: the Act allows the FCCPC to investigate misleading trading practices, unsafe products and deceptive marketing.

Consumers should take several proactive steps. First, buy from credible dealers, additionally always obtain a proper receipt and warranty certificate from the seller; genuine devices should carry legitimate packaging, serial/IMEI numbers that can be verified (e.g., on Apple’s official website). If the price is significantly below typical market value, it should trigger suspicion. Examine the packaging carefully: genuine iPhones have high-quality seals, matching accessories, correctly spelled brand names and serial numbers that register as genuine on Apple’s site. If the device is claimed to have certain features (such as water resistance or certain hardware specifications), test them or verify via the device settings or Apple’s official check.

If you suspect you have been sold a counterfeit device, you may report the transaction to SON, the Police Cybercrime Unit or the FCCPC. You may also consider legal action: for instance, you may pursue a claim under contract law or for mis-representation of the supply contract; if the device uses a counterfeit mark you may also support a passing-off or infringement claim. It is important to act promptly, preserve the evidence (packaging, serial numbers, purchase receipt) and seek advice.

The Nigerian consumer market is becoming more sophisticated: viral videos and social-media influencers have helped push awareness of fake-phone scams. But awareness alone is not enough — consumers must act responsibly by insisting on authorised sources, verifying serial numbers, and being vigilant about extremely low-cost offers or ambiguous packaging.

Why the Fake-iPhone Epidemic in Nigeria is a Wake-Up Call

The recent wave of fake-iPhone exposures in Nigeria serves as a stark indicator of the intersection between consumer demand, supply-chain vulnerabilities, and weaknesses in enforcement. For legitimate brand owners such as Apple, such counterfeits erode brand reputation, reduce revenue and undermine the value of their authorised distribution networks. For the Nigerian economy, the sale of counterfeits undermines customs duties, taxation, and regulatory oversight. For consumers, the risks range from financial loss to safety concerns.

But there is reason for optimism. The existence of statutory regimes like the Trademarks Act and the Merchandise Marks Act, and of regulatory tools such as the FCCPA 2018, means that the legal foundation for tackling counterfeiting is already in place in Nigeria. What remains critical is enforcement, awareness and coordination among brand owners, distributors, regulators and consumers. Educating distributors about their legal obligations and encouraging consumers to demand genuine products can help shift the market toward transparency and trust.

At a systemic level, stronger collaboration between agencies such as the Customs Service, SON, the FCCPC, the judiciary and brand-owners is essential. For example, prompt seizure of counterfeit goods at the border, cooperation on intelligence gathering, rapid prosecution of infringers, and publicising of enforcement outcomes all help to raise the cost of counterfeiting and deter would-be offenders. Moreover, legislative reform (for example, to modernise the Merchandise Marks Act) may be required to address evolving methods of digital counterfeiting, online marketplace issues and global supply chains.

In Conclusion

Counterfeiting is not simply a matter of consumer inconvenience. It is a legal, regulatory, commercial and social problem. In Nigeria, understanding the contours of statutes such as the Trademarks Act 1965, Merchandise Marks Act 1916 and the FCCPA 2018 is critical. For distributors, sourcing insistently from authorised supply-chains, verifying authenticity, training staff and co-operating with regulatory authorities is a business imperative. For consumers, vigilance in verifying packaging, serial numbers, warranty documentation and the pricing offers is essential.

If recent viral cases of fake-iPhone scams can serve as a catalyst, then they may help raise awareness, bolster enforcement and ultimately foster a Nigerian electronics market that is more transparent, fair and protective of the rights of consumers and genuine brand-owners alike. By turning social-media outrage into informed action, every buyer and seller can contribute to a marketplace where authenticity matters and counterfeiting is rendered increasingly risky and untenable.

References

  1. Merchandise Marks Act 1916, Cap M10, Laws of the Federation of Nigeria (LFN) 2004.
  2. S. P. A. Ajibade & Co., “The Nigerian Merchandise Marks Act: A viable or obsolete piece of legislation”, Mondaq, 8 May 2018 <https://www.mondaq.com/nigeria/trademark/880834/the-nigerian-merchandise-marks-act-a-viable-or-obsolete-piece-of-legislation> Accessed on 14 October 2025
  3. Trademark Law in Nigeria: A Guide to Registration, Infringement and Enforcement, IR Global, February 10 2025 <https://irglobal.com/article/trademark-law-in-nigeria-a-guide-to-registration-infringement-and-enforcement> Accessed on 14 October 2025..
  4. Trademarks Act 1965, Cap T13, Laws of the Federation of Nigeria (LFN) 2004.
  5. Procedures and Strategies for Anti-counterfeiting: Nigeria, World Trademark Review, 2018 <https://www.worldtrademarkreview.com/global-guide/anti-counterfeiting-and-online-brand-enforcement/2018/article/procedures-and-strategies-anti-counterfeiting-nigeria. Accessed on 14 October 2025.
  6. Trade Marks Laws and Regulations Report 2025 – Nigeria, ICLG, 10 April 2025 <https://iclg.com/practice-areas/trade-marks-laws-and-regulations/nigeria> Accessed on 14 October 2025.
  7. Federal Competition and Consumer Protection Act 2018, Laws of the Federation of Nigeria.

FCCPC Digital Lending Regulations 2025: What Business Leaders Need to Know.

aeolawpractice

In July 2025, the Federal Competition and Consumer Protection Commission (FCCPC) introduced the Digital Electronic Online, Non-Traditional Consumer Lending Regulations (DEON Consumer Lending Regulations) 2025. These rules are designed to bring greater transparency, accountability, and consumer protection into a market that has grown rapidly but often without sufficient oversight.

For business leaders, investors, and fintech operators, the regulations are not just about compliance—they reshape how digital lending will work in Nigeria for years to come. Below is a clear analysis of the new framework, its opportunities, and its challenges.

Mandatory Re-Registration and High Compliance Costs

Every digital lender and service provider currently operating must re-register with the FCCPC within 90 days from July 24, 2025. This implies that the deadline for compliance is November 5, 2025. Once registration is granted, approvals are valid until December 31 of the third calendar year and must be renewed by March 31 of the following year.

The cost of re-registration is significant. Beyond the ₦100,000 non-refundable application fee, lenders must pay ₦1,000,000 for registration and approval, which covers two software applications. Each additional application, up to five in total, attracts a fee of ₦500,000. Renewals also come with an annual levy of ₦500,000 after the first three-year cycle.

While this system may help the FCCPC sanitize the market and eliminate rogue operators, it risks excluding smaller or emerging players who cannot shoulder such heavy financial obligations. The effect could be a consolidation of the sector around larger, better-capitalized firms.

Clearer Rules on Interest Rates, Terms, and Consumer Protection

One of the most consumer-friendly provisions requires lenders to disclose all interest rates, repayment terms, and associated fees in plain English before a loan is issued. These details must also be published prominently on fintech websites.

The FCCPC has also reserved the right to periodically review interest rates to prevent exploitative practices. However, the lack of a defined benchmark for what counts as “exploitative” leaves room for regulatory discretion, which may create uncertainty for operators.

Regulatory Overlap with the Central Bank of Nigeria

Not all financial institutions are subject to the same requirements. Banks licensed under the Banks and Other Financial Institutions Act are fully exempt. However, microfinance banks and finance companies, even though they are already regulated by the Central Bank of Nigeria (CBN), must still obtain a waiver from the FCCPC before engaging in digital lending.

This dual oversight introduces regulatory duplication. Microfinance banks already comply with strict CBN rules, adding another approval process could result in inefficiency without delivering proportional benefits to consumers.

Tightened Control of Partnerships and Vendor Relationships

Another striking aspect of the new regulations is the level of scrutiny over partnerships. Digital lenders must now obtain FCCPC approval before entering into agreements related to consumer lending, including vendor contracts. Any amendments to these agreements will also require FCCPC consent. Unauthorized service-level agreements are outright prohibited.

While this move seeks to ensure accountability across the lending value chain, it may also slow down business operations. For fintechs that depend on rapid innovation cycles, the requirement for pre-approval could become a bureaucratic bottleneck.

Approval Timelines and Reporting Demands

The FCCPC has committed to processing complete applications within 30 days. However, it retains discretion to extend the timeline if it chooses, which creates some uncertainty for lenders eager to move quickly in a competitive market.

Compliance does not stop at registration. Lenders and their vendors must submit annual returns that detail lending transactions, consumer interactions, and complaint resolutions. In addition, bi-annual reports must capture transaction numbers, loan values, interest collected, fees charged, and complaint outcomes. The FCCPC also has the authority to demand access to documents at any time, which lenders must provide within 48 hours.

For larger, established companies, these reporting requirements may be manageable. But for smaller fintech startups, the administrative burden could prove overwhelming without significant investment in compliance infrastructure.

Severe Penalties for Non-Compliance

The FCCPC has backed these rules with some of the toughest penalties seen in Nigeria’s fintech sector. Companies found in breach could face fines of up to ₦100,000,000 or one percent of their previous year’s turnover, whichever is higher. Individuals—whether directors, managers, or employees—could face fines of up to ₦50,000,000 and disqualification from holding similar positions for up to five years. Beyond financial penalties, sanctions may include suspension, delisting, or even outright revocation of a lender’s approval.

Such measures are clearly meant to act as a deterrent and align Nigeria’s practices with global standards. However, to be effective, the FCCPC will need to ensure that enforcement is proportionate to the seriousness of violations, rather than becoming a revenue-generation tool.

Consumer-Centric Obligations for Lenders

The regulations also set out strict obligations that redefine how lenders interact with customers. Loan disbursements can only be made upon the explicit request of consumers, eliminating automatic or pre-authorized lending. Data protection rules, in line with the Nigeria Data Protection Act 2023, forbid lenders from accessing sensitive information such as call logs, contact lists, or photo galleries.

Consumer complaints must be resolved within 24 hours. If that is not possible, lenders must communicate a resolution timeline within 48 hours. Channels for lodging complaints must be visible and accessible.

Record-keeping is another area of focus. Lenders must maintain their records for at least five years and produce them within 48 hours when requested by regulators. These provisions strengthen accountability and trust but may stretch the operational capacity of smaller firms.

Striking the Right Balance

The DEON Consumer Lending Regulations 2025 are a bold attempt to professionalize digital lending in Nigeria. They place consumer protection at the heart of lending practices, enforce transparency in loan terms, and introduce severe consequences for misconduct.

Yet, the framework also comes with risks. The combination of steep registration fees, heavy reporting obligations, and dual oversight between the FCCPC and CBN could discourage smaller fintechs from entering or surviving the market. This might unintentionally reduce financial inclusion, leaving consumers with fewer lending options.

For decision-makers, the key takeaway is clear: compliance is non-negotiable. Re-registration must be prioritized, disclosures must be transparent, and complaint-handling systems must be robust. At the same time, there is a strong case for engaging regulators to ensure that enforcement remains fair, proportionate, and supportive of innovation in Nigeria’s fintech sector.

Written by Adeola Osifeko LLB,BL,LLM, ACIS,ABR

Assessing the Competition & Consumer Protection Tribunal’s Judgment in Meta Platforms Inc/Whatsapp LLC v FCCPC.

aeolawpractice

Did the Judgment Address the Evidentiary and Interpretational Challenges in Nigeria’s Data Protection Enforcement?

The increasing integration of digital platforms into everyday life has raised substantial concerns about the intersection of data protection and competition law. Globally, regulators are grappling with the challenges of ensuring data privacy while also maintaining fair competition in digital markets. This dual objective is particularly pressing in jurisdictions where institutional and legislative frameworks are still evolving. Nigeria is one such jurisdiction, where the Federal Competition and Consumer Protection Commission (FCCPC) and the newly established Nigeria Data Protection Commission (NDPC) are asserting their authority to regulate tech giants such as Meta Platforms Inc. and WhatsApp LLC.

This article critically assesses the April 25, 2025 decision of the Competition and Consumer Protection Tribunal (the Tribunal) in the case of Meta v FCCPC, wherein the Tribunal upheld a $220 million fine imposed by the FCCPC for breaches of the Nigeria Data Protection Regulation (NDPR) 2019. The decision marks a turning point in Nigeria’s approach to data protection enforcement and reflects a broader trend toward regulatory assertiveness in digital markets. However, the judgment also raises important questions about the evidentiary and interpretational standards applied by the FCCPC and endorsed by the Tribunal.

Background to the Dispute.

The case against Meta arose from a 38-month joint investigation conducted by the FCCPC and the NITDA, which began in 2020. This investigation scrutinised the data collection and privacy practices of WhatsApp LLC and its parent company, Meta Platforms Inc. The FCCPC found that Meta’s business model relied on the excessive and unjustified collection of user data, including metadata beyond what was necessary for the delivery of WhatsApp services in Nigeria.

Following its findings, the FCCPC issued a Final Order on 19 July 2024, imposing a $220 million fine on Meta and WhatsApp for violating the Nigeria Data Protection Regulation (NDPR) 2019 and the Federal Competition and Consumer Protection Act (FCCPA) 2018. The Commission cited sections 17(a) and 104 of the FCCPA to justify its authority, stating that the data practices constituted ‘unscrupulous’ and ‘exploitative’ conduct in violation of consumer protection standards.

Meta and WhatsApp appealed the FCCPC’s Final Order to the Competition and Consumer Protection Tribunal, disputing both the jurisdictional authority of the FCCPC and the evidentiary basis of the Commission’s findings. The Tribunal, in a landmark judgment on 25 April 2025, upheld majority of the FCCPC’s determinations, including affirming the $220 million administrative penalty.

Interpretational Challenges: Data Minimisation and Consent Under the NDPR.

One of the central interpretational issues in Meta v. FCCPC, concerned the principle of data minimisation under the NDPR 2019. Article 2.1(1)(b) of the NDPR stipulates that personal data must be ‘adequate, accurate and without prejudice to the dignity of human person.’ The FCCPC interpreted this provision to mean that any personal data collected must be limited to what is strictly necessary to achieve the stated purpose. This concept aligns with the principle of data minimisation found in global data protection frameworks, such as Article 5(1)(c) of the GDPR.

The FCCPC’s analysis drew comparisons between WhatsApp and other messaging platforms like Signal and Telegram, noting that WhatsApp collected 44 distinct metadata points, whereas the latter collected only 4. However, the Commission failed to clearly articulate how each metadata point constituted personal data within the meaning of Article 1.3(xix) of the NDPR. This definitional gap raises significant evidentiary concerns.

Although the Commission relied on input from the National Information Technology Development Agency (NITDA), which confirmed that some data collected were not necessary for WhatsApp’s core functions, the FCCPC did not thoroughly analyse or categorise these data points. This lack of a granular assessment left open to question whether all the alleged excessive data points indeed fell foul of the NDPR.

Additionally, the FCCPC’s reliance on ‘consent’ as a remedial legal foundation, even for data that is not essential for service provision, seems to conflict with the broad applicability of the data minimisation principle. This is because consent cannot justify the collection of unnecessary data when the necessity principle is embedded in all legal grounds under the NDPR.

This interpretational ambiguity is expected to be clarified under the new Nigeria Data Protection Act (NDPA) 2023 and its General Application and Implementation Directive (GAID) 2025, which provides clear definitions for ‘adequate’, ‘relevant’, and ‘minimum necessary’ data. These clarifications aim to provide more robust evidentiary standards for future enforcement actions.

Jurisdictional Contest: FCCPC’s Mandate vs. NITDA’s Authority (Which has now Evolved Into NDPC’s Purview)

A core issue in Meta’s appeal was the jurisdictional competence of the FCCPC to adjudicate matters pertaining to data protection. Meta contended that the Nigeria Data Protection Regulation (NDPR) 2019 was issued by the National Information Technology Development Agency (NITDA), thereby vesting data protection oversight solely in NITDA’s purview.

The FCCPC, however, invoked Section 104 of the FCCPA 2018, which provides that “the Act shall override other laws on matters relating to competition and consumer protection”. Additionally, Section 17(a) empowers the FCCPC to enforce other enactments on consumer protection, an authority it relied on to treat NDPR violations as consumer harm.

The Tribunal, in addressing Issue 4 of the appeal, affirmed that the FCCPC acted within its statutory authority. It held that Section 104 of the FCCPA allows the Commission to regulate data practices that amount to exploitative or unfair conduct, even in sectors subject to regulation by other specialised agencies. By reinforcing this view, the Tribunal clarified the concurrent jurisdictional relationship between the FCCPC and other sector-specific regulators.

Although the Nigeria Data Protection Commission (NDPC) was formally established under the Nigeria Data Protection Act 2023 as the principal regulator of data protection, its operationalisation came after the events leading to the FCCPC’s investigation and order. The Tribunal therefore upheld the FCCPC’s jurisdiction without prejudice to the emerging role of the NDPC. This affirmation sets an important precedent, recognising that overlapping regulatory functions can coexist in a cooperative federal framework.

Nonetheless, the decision leaves unresolved how future inter-agency conflicts will be navigated, especially when both the FCCPC and the NDPC lay claim to enforcement authority over digital privacy matters. The GAID 2025 will likely necessitate a Memorandum of Understanding or similar legal instrument to clarify agency boundaries.

Evidentiary Weaknesses and the Standard of Proof.

One of the most significant criticisms of the FCCPC’s approach in Meta v FCCPC is the inadequacy of its evidentiary analysis, particularly in substantiating claims of excessive data collection under the NDPR. Although the Commission cited comparative statistics—such as WhatsApp’s collection of 44 metadata points versus Signal and Telegram’s collection of 4—it failed to convincingly establish that each of those metadata points constituted “personal data” as defined under Article 1.3(xix) of the NDPR 2019.

The NDPR defines personal data as any information relating to an identified or identifiable natural person. Thus, to assert a violation of data minimisation principles, the FCCPC bore the burden of demonstrating not only that data was collected, but that it was (i) personal in nature and (ii) unnecessary to the purpose of service delivery. In this regard, the Commission’s reliance on generalised comparisons, without technical analysis of the data points involved, fell short of the evidentiary standard required under Nigerian law. As the Nigerian courts have consistently held, he who asserts must prove.

Furthermore, the Commission’s determination that device fingerprinting involved excessive data collection is open to scrutiny. Device fingerprinting gathers technical details like browser settings or screen resolution, but the investigation report did not identify this as part of the actual metadata collected, nor did it adequately clarify its relevance to WhatsApp’s operational requirements in Nigeria.

The Commission also placed partial reliance on information from NITDA suggesting that some data collected was necessary while other data was optional or unnecessary. However, neither agency offered detailed classification nor provided a robust technical basis for this conclusion. This deficiency undermines the objective assessment of whether WhatsApp’s practices truly violated the requirement of adequacy under Article 2.1(1)(b) of the NDPR.

In this context, the evidentiary weaknesses in the FCCPC’s case exposed a critical gap in Nigeria’s enforcement framework. Future regulatory actions must be supported by detailed forensic analysis and independent technical assessments that can withstand appellate scrutiny. This is especially vital when dealing with sophisticated global tech entities capable of challenging enforcement actions on procedural and substantive grounds.

The Tribunal’s Reasoning: Deference or Diligence?

The Tribunal’s April 2025 judgment in Meta v FCCPC offers a rare window into judicial attitudes toward data protection enforcement in Nigeria. While the decision affirmed the FCCPC’s administrative fine and investigative processes, it left legal scholars/pundits questioning whether the Tribunal conducted a truly rigorous analysis or merely deferred to regulatory authority.

The Tribunal resolved all but one of the seven appeal issues in favour of the FCCPC. In Issue 3, for instance, Meta alleged a breach of fair hearing, claiming the Commission had not allowed sufficient opportunity to respond to the allegations. The Tribunal dismissed this, holding that the FCCPC had afforded Meta ample time to engage during the investigation and adjudication process. This finding underscores the recognition of the FCCPC’s quasi-judicial capacity and its compliance with the principles of natural justice.

In Issue 4, concerning jurisdiction, the Tribunal reaffirmed the FCCPC’s powers under section 104 of the FCCPA to override conflicting provisions of other laws on matters of consumer protection, even where other regulators are involved. This is a significant doctrinal endorsement that strengthens the FCCPC’s hand, especially in the absence of settled inter-agency coordination mechanisms.

Issue 5 was perhaps the most consequential in the context of data protection. It directly challenged the FCCPC’s conclusions regarding Meta’s privacy policies. The Tribunal held that there was no error in the Commission’s findings and that Meta’s policies indeed violated Nigerian law. However, the Tribunal offered limited elaboration on how it assessed the legality of the privacy policies. There was no detailed discussion of data minimisation or the contextual relevance of collected data. This suggests a deferential stance toward the FCCPC’s technical order, rather than an independent and probing review of the underlying data practices.

The Tribunal’s only substantive deviation came in Issue 7, where it set aside Order 7 of the Commission’s Final Order for lacking sufficient legal basis. Unfortunately, the decision did not explain the content of Order 7 in detail, nor did it clarify the threshold it applied to evaluate legal sufficiency. This omission leaves stakeholders guessing about the standards of review employed in data-related decisions.

Overall, while the Tribunal affirmed the regulatory direction Nigeria is taking, its decision arguably prioritised administrative compliance over substantive inquiry. Whether this approach can sustain long-term credibility for data protection enforcement remains to be seen. Judicial engagement with technical standards, contextual purpose, and proportionality is necessary if the Tribunal is to develop a jurisprudence fit for the data-driven economy.

Conclusion.

The Tribunal’s decision in Meta v FCCPC is a landmark precedence in Nigeria’s evolving data protection and digital competition jurisprudence. By upholding the FCCPC’s $220 million fine, cost of investigation at $35,000 and validating its jurisdiction under the FCCPA, the Tribunal signaled a strong institutional commitment to consumer data rights and fair digital market practices. However, a closer examination reveals that while the judgment endorsed key regulatory positions, it did not adequately resolve some of the evidentiary and interpretational challenges inherent in Nigeria’s enforcement regime under the NDPR 2019.

The case exposed the limitations of the FCCPC’s evidentiary framework, particularly its failure to provide a granular and technically sound justification for its findings on excessive data collection. The Tribunal, in turn, appeared to prioritise administrative deference over rigorous judicial scrutiny, particularly in its treatment of complex data processing questions. This approach, while expedient, raises concerns about whether Nigeria’s enforcement mechanisms are sufficiently robust to handle the nuances of digital regulation.

Yet, the judgment also serves as a catalyst for reform. The subsequent enactment of the Nigeria Data Protection Act 2023 and the issuance of the GAID 2025 provide the legislative and procedural tools necessary to address past shortcomings. These instruments clarify core principles like data minimisation and consent and elevate the standard of regulatory clarity and precision expected in future enforcement actions.

Looking ahead, effective regulation of digital platforms in Nigeria will depend on several critical factors. First, there must be improved inter-agency collaboration between the FCCPC and NDPC to avoid jurisdictional conflicts and duplicative enforcement. Second, regulators must adopt more technically grounded and evidence-based methodologies in investigations and adjudications. Finally, the judiciary must develop greater capacity to engage with the substantive complexities of data protection and platform regulation, moving beyond procedural adequacy to substantive correctness.

In summary, Meta v FCCPC may be viewed as a foundational case—imperfect yet pioneering. It underscores Nigeria’s readiness to hold powerful digital actors accountable while also revealing the institutional and legal reforms required to make such accountability both fair and sustainable.

Written by Adeola Osifeko LLB, LLM, ACIS, ABR. Partner, Corporate Commercial Group, at AEO Law Practice

References

  1. Violations: Tribunal Upholds FCCPC’s $220 million Fine Against Meta Platforms Inc/ Whatsapp LLC <https://fccpc.gov.ng/violations-tribunal-upholds-fccpcs-220-million-fine-against-meta-whatsapp/>
  2. The Federal Competition and Consumer Protection Act 2018 (FCCP Act 2018).
  3. The Nigeria Data Protection Regulation 2019 (NDPR 2019)
  4. The Nigeria Data Protection Act General Application and Implementation Directive 2025 (NDPA GAID 2025)
  5. EU 2016/679: General Data Protection Regulation in the current version of the OJ L 119, 04.05.2016