Nigeria drops $32.8 million Meta fine for data privacy breach as debate over enforcement credibility erupts

Nigeria has waived a $32.8 million fine imposed on Meta Platforms Inc., the parent company of Facebook and Instagram, following a confidential settlement that has raised concerns over the country’s approach to data protection enforcement and regulatory transparency.

• Nigeria has cancelled a $32.8 million fine previously imposed on Meta for alleged data privacy violations.
• The decision follows a confidential settlement reached in October 2025, later validated by the Federal High Court in Abuja.
• Under the agreement, Meta is only required to cover legal costs, with all penalties withdrawn.
• The move has sparked debate over the strength and transparency of Nigeria’s data protection enforcement framework.

The fine, issued in February 2025 by Nigeria’s Data Protection Commission (NDPC), stemmed from alleged violations of the Nigeria Data Protection Act 2023. It followed an investigation launched in September 2023 that examined Meta’s handling of personal data from more than 60 million Nigerian users.

The NDPC had accused Meta of several breaches, including the absence of explicit consent for behavioural advertising, unauthorised cross-border data transfers, the collection of data from non-users, and the deployment of algorithms that could expose users to financial and health risks.

At the time, the regulator described the penalty as part of efforts to strengthen digital rights protections in Africa’s most populous country, aligning Nigeria with global enforcement trends in the United States, United Kingdom, and European Union, where Meta and other major technology firms have faced multibillion-dollar fines for similar violations.

However, documents from a subsequent settlement indicate that Nigeria reversed its position in October 2025. Under the agreement, Meta was absolved of the $32.8 million penalty and required only to cover legal fees incurred by the government during court proceedings challenging the NDPC’s final orders.

The settlement was signed on 30 October 2025 and later validated by the Federal High Court in Abuja on 3 November 2025. Despite this judicial confirmation, the terms of the agreement were not made public at the time, and only recently emerged through disclosed documentation.

The development has triggered questions about transparency in regulatory enforcement, particularly given the scale of the initial allegations and the number of affected users.

Data protection lawyer Iliya-Ezekiel Ndatse said the outcome weakens regulatory deterrence.

“Removing penalties after such findings reduces the effectiveness of enforcement actions and weakens the credibility of compliance obligations,” he noted.

The case has also drawn comparisons with Nigeria’s previous dispute involving Twitter, now rebranded as X, which was banned in 2021 before the two parties reached a negotiated resolution.

Analysts say the Meta settlement reflects a broader challenge facing regulators in emerging digital economies, where governments are attempting to balance investment incentives from global technology firms with the need to strictly enforce data protection laws.

While Nigeria’s initial action was viewed as a signal of growing regulatory maturity, the subsequent reversal has led to renewed scrutiny of the country’s consistency in applying its data governance framework.

The NDPC has not publicly explained the rationale for waiving the fine, and Meta has not issued detailed comments beyond acknowledging the settlement.

The outcome leaves open questions about how Nigeria intends to enforce compliance in future high-profile data protection cases, particularly as digital platforms expand their nationwide user base.