The Nigerian Government has secretly accepted an out of court settlement with Meta for a $32.8 Million Charge issued against Meta by the Nigeria Data Protection Commission (NPDC) accusing Meta of abusing 60 Million Nigerian cityzen data and carrying out harmful Data practices against Nigerians.
Key Takeaways
- Nigeria has accepted a settlement agreement with Meta over abuse of 60 Million Nigerian Data subjects
- Under this settlement agreement, Meta will not pay $32.8 Million Dollars in damages for Nigerian Data abuse
- The Nigerian government subsequently ordered Meta to obtain proper user consent, conduct a Data Processing Impact Assessment on the human rights and democratic impacts of its systems on Nigerians, and update its privacy policy to reflect the risks posed by profiling
The out of court settlement deal between Nigeria and Meta contains confidential details which have not been disclosed to the public including writing off the $32.8 million fine and softening the obligations it earlier imposed on Meta.
This uprising has stirred angry reactions across several sectors of Country with experts and lawyer Demanding for more accountability in Nigeria’s Legal and Executive sectors in order to protect Nigerian Cytizens from Cyberthreats, Criminals and Internet Arsonists.
Remember In February 2025, Nigeria announced a $32.8 million fine for data privacy violations against Meta Platform Inc., the parent company of Facebook and Instagram. But the government went quiet when it reversed course by writing off the fine after striking a deal with the tech giant in October last year.
Under the settlement agreement, Nigeria consented to freeing Meta of all liabilities regarding the alleged violations, letting the company get away without any fine.
This action is not only hilarious but also raises eyebrows on potential corrupt actors participating in this heinous act that further threatens Nigeria’s Digital Data system and further exposes Nigerians to further corrupt Data Privacy Practices which has become a new evil norm orchestrated by Big Tech Companies in recent times.
You would note that only just recently, In a Landmark development in March 2026, juries in California and New Mexico delivered significant blows to social media giants Meta and Google (Alphabet). These verdicts mark the first time juries have held the companies liable for harms linked to their platforms’ design and practices affecting young users.
The California case, tried in Los Angeles Superior Court, centered on a now 20-year-old woman identified as K.G.M. (or “Kaley” in some reports).
She alleged that compulsive use of Instagram (owned by Meta) and YouTube (owned by Google) starting from a young age led to severe addiction, depression, anxiety, body dysmorphia, and suicidal thoughts. The jury found both companies negligent in designing addictive features such as infinite scroll, autoplay, and algorithmic recommendations that exploit developing brains, and for failing to warn users about these risks.
After over 40 hours of deliberations, the jury awarded $3 million in compensatory damages (with Meta responsible for 70% and Google/YouTube for 30%) plus $3 million in punitive damages (Meta: $2.1 million; Google: $900,000), for a total of $6 million.
This treats social media apps as potentially “defective products,” akin to how tobacco or gambling products have been scrutinized.
Also, just a day earlier, a New Mexico jury ordered Meta to pay $375 million in a separate case, finding the company violated the state’s Unfair Practices Act by misleading users about platform safety, concealing knowledge of child sexual exploitation risks, and prioritizing profits over protecting minors’ mental health.
These international court verdicts against Big Tech Companies for Data Violations and Privacy Breaches highlight the potential glowing harm these Big Tech Companies can cause by exposing Millions of Users Data to all manner of threats and potentially Looming harm.
Nigeria as a country, Boosts of the Highest Digital I.C.T Population in all of Africa. Currently the country has over 60 Million active internet users a majority of which are active on Meta owned platforms (Facebook, Instagram, WhatsApp etc)
Last year, when Nigeria imposed the fine, it joined a growing list of countries, including the United States, the United Kingdom, and the European Union (EU), that have slapped Meta and other tech companies with significant fines over data privacy breaches and other safety risks their platforms expose users to.
Sadly, Nigeria through the NDPC, signed a controversial settlement agreement with Meta on 30 October 2025 to forgo the $32.8 million fine in the Final Orders the agency issued against the company on 18 February 2025 further raising doubts on accountability and adhesion to legal and judicial processes.
How The Data Violation Saga Started
Exercising its powers under the Nigeria Data Protection Act, 2023 (NDP Act), the NPDC, Nigeria’s data governing agency, launched an investigation on 20 September 2023 into Meta’s fraudulent data breeching activities in Nigeria.
Remember, Meta is that parent company that owns International Media Platforms such as Facebook, Instagram and WhatsApp which are used by Nigerians.
The probe centred on Meta’s alleged breaches of Nigeria’s data protection laws and the privacy rights of over 60 million Nigerian data subjects.
NPDC and Meta exchanged written communications, and their representatives met in person multiple times during the investigations.
After 17 months of the probe, NPDC issued its “Final Orders” on 18 February 2025, which outlined sweeping findings and remedial directives.
The commission said it found that Meta “did not seek express, specific and unambiguous consent” from users for behavioural advertising.
It also ordered a stop to the transfer of Nigerians’ personal data outside the country without approval, the collection of non-users’ data, and the company’s use of algorithms, which “could expose data subjects to health and financial risks.”
To safeguard Nigerians’ data privacy and rights, NPDC ordered Meta to obtain proper user consent, conduct a Data Processing Impact Assessment on the human rights and democratic impacts of its systems, and update its privacy policy to reflect the risks posed by profiling.
The commission further directed the company to ensure fair access for Nigerian users and businesses, implement adequate technical and organisational safeguards for data protection, and pay the Naira equivalent of $32.8 million as a remedial fee.
How did NDPC and Meta arrive at a Settlement
Following the NDPC’s final orders and notice, Meta filed a legal challenge to the sanctions at the Federal High Court in Abuja and even threatened to shut down its operations in Nigeria.
Meta filed the substantive suit on 19 March 2025, alleging that the NDPC had denied it a fair hearing and due process. It sought to quash the enforcement orders, which it said breached its right to a fair hearing under section 36 of the Nigerian constitution.
In response, the NDPC filed a preliminary objection, contending that the suit was incompetent and that the court lacked jurisdiction to hear it.
How did the NDPC and Meta come to a Settlement
Following a confidential settlement that has raised concerns over the country’s approach to data protection enforcement and regulatory transparency,
Nigeria waived a 32.8 million fine imposed on Meta Platforms Inc., the parent company of Facebook and Instagram for breaches of Nigeria’s data protection laws and the privacy rights of over 60 million Nigerian data subjects.
Under the agreement, Meta is absolved of the $32.8 million Data Breech Penalty and required only to cover legal fees incurred by the government during court proceedings challenging the NDPC’s final orders.
The settlement was signed on 30 October 2025 and later validated by the Federal High Court in Abuja on 3 November 2025. Despite this judicial confirmation, the terms of the agreement were not made public at the time, and only recently emerged through disclosed documentation.
The development has triggered questions about transparency in regulatory enforcement, particularly given the scale of the initial allegations and the number of affected users.
While Nigeria’s initial action was viewed as a signal of growing regulatory maturity, the subsequent reversal has led to renewed scrutiny of the country’s consistency in applying its data governance framework.
Data protection lawyer Iliya-Ezekiel Ndatse said the outcome weakens regulatory deterrence.
“Removing penalties after such findings reduces the effectiveness of enforcement actions and weakens the credibility of compliance obligations,” he noted.
Legal experts and digital rights advocates are not impressed.
“Regulatory action is strongest when there is a clear finding of a breach, backed by penalties and the risk of further sanctions,” said Iliya-Ezekiel Ndatse, a data protection lawyer. “Setting aside the earlier orders removed that weight, leaving the commitments with little additional force.“
Tracy Keshi, project manager at the Tech Justice and Digital Governance Programme of the Centre for Journalism Innovation and Development, put it more plainly: “Compliance is now reliant on Meta’s voluntary cooperation.”
The case has also drawn comparisons with Nigeria’s previous dispute involving Twitter, now rebranded as X, which was banned in 2021 before the two parties reached a negotiated resolution.
In return for Nigeria writing off the fine, which resulted from about 17 months of investigation by the Nigeria Data Protection Commission (NDPC), Meta pledged to be ethical in the handling of Nigerians data in the future.
Importance of Standard Data Protection and Privacy Laws to National Growth
Standard data privacy laws, primarily anchored by the Nigeria Data Protection Act (NDPA) 2023, are crucial for regulating the collection, processing, and storage of personal information in Nigeria’s rapidly expanding digital economy. As data breaches increased by 64% in the 1st quarter of 2023. These laws transition privacy from a vague concept into an enforceable fundamental human right under the Constitution.
Nigeria Data Protection Act 2023 (NDPA) was enacted to safeguard the fundamental rights and freedoms, and the interests of data subjects, as guaranteed under the Constitution of the Federal Republic of Nigeria.
The objective of the NDPA include: the protection of personal information; establishment the Nigeria Data Protection Commission (NDPC) for the regulation of the processing of personal information; promotion of data processing practices that safeguard the security of personal data and privacy of data subjects; protection of data subjects’ rights, and provision of means of recourse and remedies, in the event of the breach of the data subjects’ rights; and strengthening the legal foundations of the national digital economy and guarantee the participation of Nigeria in the regional and global economies through the beneficial and trusted use of personal data etc.
The importance of data privacy and protection has grown recently, as data breaches have grown rapidly in recent times because data has transformed into a valuable resource for the entire world community in the internet era.
Benefits of Nigerian Data Protection Act to Nigerians includes:
* Protection of Fundamental Human Rights by enforcing Constitutional Data Compliance
Section 37 of the 1999 Constitution guarantees the right to privacy, which the NDPA 2023 solidifies by establishing that personal data is a private asset requiring protection. The law grants individuals control over their data, including the right to access, rectify, erase (“right to be forgotten”), and object to processing including Protection of Minors which requires the NDPA to garnish protections for children’s data, by requiring parental consent for those under 18.
* Building Trust in the Digital Economy
Consumer Confidence
Today, Banks, Fintech, and E- Commerce platforms handle massive amounts of personal data.Therefore, clear regulations foster user trust by encouraging more people to participate in digital services. Furthermore, proper data accountability ensures that data is used only for specific, lawful purposes and secured against breaches.
* Enhanced Security, Reduced Fraud and Cybercrime Prevention
The NDPA law intersects with the Cybercrimes (Prohibition, Prevention, etc.) Act, 2015, providing legal tools to prosecute unauthorized interception and data misuse. Through Data Minimization, organizations are restricted to collecting only the minimum data necessary, reducing the impact of potential breaches.
Nigeria’s inability to force Meta to pay the full price of Data Theft, Misuse and Violations is a big negative score on the country and it further gives Nigeria on a low trust score in terms of International legal standing.
It is becoming a well known factor that corruption dictates the terms of Nigeria’s development. Whether corruption had a role to play in the settlement between the NDPC and Meta only be known be know as time goes on.
Big international Tech companies must be put to serious Data Protection Laws, Regulatory Periodic Checks and Audits to ensure that Millions of innocent people are not exposed to Cyber Harm, Attacks and Crime as a result of greedy Big Tech Companies selling user data to criminal cyber networks.
Leave a Reply