Nigeria has withdrawn a US$32.8 million fine previously imposed on Meta Platforms, triggering a wave of criticism over regulatory consistency and the credibility of data protection enforcement in Africa’s largest digital market.
The penalty, initially issued in February 2025 by the Nigeria Data Protection Commission, followed an investigation into Meta’s handling of personal data belonging to more than 60 million Nigerian users. Regulators had accused the company of multiple violations under the Nigeria Data Protection Act 2023, including failure to obtain proper user consent for behavioural advertising, unauthorised cross border data transfers, and the collection of information from individuals who were not even users of its platforms.
At the time, the fine was seen as a bold move by Nigeria to align itself with stricter global enforcement trends, where major tech firms have faced heavy penalties in jurisdictions such as the European Union and the United States.
However, that position has now shifted dramatically. A confidential settlement reached in October 2025 and later validated by the Federal High Court in Abuja led to the complete withdrawal of the financial penalty. Under the agreement, Meta is only required to cover legal costs incurred during the dispute, with all sanctions effectively scrapped.
The decision has raised serious questions about transparency. Details of the settlement were not publicly disclosed at the time and only emerged months later through documentation, fuelling concerns about how such a high profile enforcement action could be reversed without broader public scrutiny.
Legal experts argue that the move risks undermining the deterrent effect of regulatory actions. Iliya Ezekiel Ndatse, a data protection lawyer, warned that removing penalties after establishing violations weakens compliance expectations. “Removing penalties after such findings reduces the effectiveness of enforcement actions,” he said.
The case has also reignited debate over how emerging economies manage relationships with global technology firms. On one hand, countries like Nigeria are keen to attract investment and maintain cooperation with major digital platforms. On the other, there is growing pressure to enforce data protection laws strictly to safeguard citizens’ rights.
This tension is not new. Nigeria previously clashed with Twitter, now known as X, in 2021 before reaching a negotiated resolution. The Meta case reflects a similar pattern, where initial regulatory assertiveness is followed by compromise behind closed doors.
For many analysts, the concern is not just about this single case, but what it signals for future enforcement. Nigeria’s digital economy is expanding rapidly, with millions of users relying on platforms owned by Meta, including Facebook and Instagram, for communication, business, and financial transactions. Ensuring accountability in how user data is handled is therefore critical.
The lack of a detailed public explanation from the NDPC has only intensified scrutiny. Without clarity on why the fine was waived, questions remain about whether the decision was driven by legal limitations, strategic considerations, or external pressures.
From a policy standpoint, the situation highlights a broader challenge facing regulators across Africa. Building effective data governance systems requires not just strong laws, but also consistent enforcement, institutional capacity, and public trust.
Nigeria had positioned itself as a leader in digital regulation on the continent with the introduction of its data protection framework. The reversal in the Meta case now puts that reputation under pressure.
Going forward, the real test will be whether authorities can demonstrate consistency in future cases. Investors, tech companies, and citizens alike will be watching closely to see if Nigeria strengthens its enforcement mechanisms or continues to rely on negotiated settlements in high stakes disputes.
