Nigeria has quietly withdrawn a $32.8 million penalty earlier slammed on Meta Platforms Inc., sparking fresh concerns over transparency and consistency in the country’s data protection enforcement framework.
The fine, originally issued in February 2025 by the Nigeria Data Protection Commission (NDPC), followed allegations of violations under the Nigeria Data Protection Act 2023, according to The Business Bureau.
NDPC Accused Meta of Multiple Data Breaches
The penalty stemmed from an investigation launched in September 2023, which examined Meta’s handling of personal data belonging to more than 60 million Nigerian users.
Regulators accused the tech giant of several infractions, including failure to obtain explicit consent for behavioural advertising, unauthorised cross-border data transfers, and the collection of personal data from non-users.
The NDPC also raised concerns over algorithmic systems that could potentially expose users to financial and health-related risks.
At the time, the commission described the fine as part of efforts to strengthen digital rights protections in Nigeria and align with global enforcement trends seen in jurisdictions such as the United States, United Kingdom, and European Union.
Settlement Reverses Earlier Enforcement Action
However, newly disclosed documents reveal that the Nigerian government reversed its position in October 2025 following a settlement agreement with Meta.
Under the terms of the deal, Meta was absolved of the $32.8 million fine and instead required only to cover legal costs incurred by the government during court proceedings challenging the NDPC’s final orders.
The agreement was signed on October 30, 2025, and subsequently validated by the Federal High Court in Abuja on November 3, 2025.
Despite the court’s confirmation, the details of the settlement remained undisclosed until recently, raising concerns about regulatory transparency.
Experts Warn of Weakening Regulatory Deterrence
Legal experts have expressed concern that the reversal could undermine the credibility of Nigeria’s data protection regime.
“Removing penalties after such findings reduces the effectiveness of enforcement actions and weakens the credibility of compliance obligations,” said data protection lawyer Iliya-Ezekiel Ndatse.
The Business Bureau notes that the development has intensified scrutiny over how regulatory authorities handle high-profile compliance cases involving global technology firms.
Echoes of Past Tech Disputes
The case has drawn comparisons with Nigeria’s previous dispute with Twitter (now rebranded as X), which was banned in 2021 before a negotiated resolution was reached.
Analysts say the Meta settlement reflects a broader challenge faced by regulators in emerging digital economies, where governments must balance attracting foreign investment with enforcing strict data governance rules.
Unanswered Questions Over Future Enforcement
While Nigeria’s initial action against Meta was widely viewed as a sign of growing regulatory maturity, the subsequent reversal has raised questions about policy consistency.
The NDPC has yet to publicly explain the rationale behind waiving the fine, and Meta has not issued detailed comments beyond acknowledging the settlement.
The outcome leaves uncertainty over how Nigeria intends to enforce compliance in future data protection cases, particularly as digital platforms continue to expand their user base across the country.
