ABUJA, Nigeria — Nigeria has waived a $32.8 million fine imposed on Meta Platforms Inc. following a confidential settlement, raising questions about the country’s approach to data protection enforcement and transparency.
The penalty, issued in February 2025 by the Nigeria Data Protection Commission, stemmed from alleged violations of the Nigeria Data Protection Act 2023 after an investigation into the company’s handling of personal data belonging to more than 60 million Nigerian users.
Regulators had accused Meta, the parent company of Facebook and Instagram, of multiple breaches, including failure to obtain explicit consent for behavioural advertising, unauthorised cross-border data transfers, collection of data from non-users and the use of algorithms that could expose users to financial and health risks.
Settlement Terms and Court Validation
Documents related to the case show that Nigeria reversed its position in October 2025. Under the settlement, Meta was relieved of the financial penalty and required only to cover legal costs incurred by the government during court proceedings challenging the NDPC’s orders.
The agreement was signed on October 30, 2025, and later validated by the Federal High Court in Abuja on November 3, 2025. The terms were not publicly disclosed at the time and emerged later through released documentation.
Neither the NDPC nor Meta has provided detailed public explanations for the settlement.
Concerns Over Regulatory Enforcement
The decision has drawn scrutiny over transparency and consistency in enforcement, particularly given the scale of the initial allegations.
Iliya-Ezekiel Ndatse said the outcome could weaken deterrence.
“Removing penalties after such findings reduces the effectiveness of enforcement actions and weakens the credibility of compliance obligations,” he said.
The case has also been compared to Nigeria’s earlier dispute with Twitter, now known as X, which was suspended in 2021 before a negotiated resolution was reached.
Broader Implications
Analysts say the development highlights challenges faced by regulators in emerging digital markets, where governments seek to balance attracting investment from global technology firms with enforcing compliance with data protection laws.
Nigeria’s initial sanction had been viewed as aligning with enforcement trends in the United States, United Kingdom and European Union, where major technology companies have faced significant penalties over data practices.
The reversal, however, has prompted renewed scrutiny of how consistently Nigeria applies its data governance framework, particularly as digital platforms continue to expand their user base in the country.
