Facebook - Enforcement
Executive Summary
Nigeria's Data Protection Commission imposed a $32.8 million fine on Meta in February 2025 for processing data from over 60 million Nigerian users without proper consent and making unauthorized cross-border data transfers. In October 2025, Nigeria quietly settled with Meta, waiving the entire fine in exchange for Meta covering legal costs and committing to vague improvements, with the settlement explicitly stating no admission of wrongdoing. The reversal eliminated most of the original enforc...
What Happened
In February 2025, Nigeria's Data Protection Commission fined Meta $32.8 million after a 17-month investigation found the company processed personal data from over 60 million Nigerian users without proper consent, particularly for behavioral advertising, and made unauthorized cross-border data transfers. In October 2025, Nigeria and Meta signed a confidential settlement that completely waived the fine, with Meta only agreeing to cover legal costs and commit to vague data practice improvements with no admission of wrongdoing. The Federal High Court in Abuja approved this settlement as a consent judgment on November 3, 2025, but the terms were not made public until months later.
Who Is Affected
Over 60 million Nigerian Facebook and Instagram users are affected, as the original enforcement orders addressing unauthorized data collection, algorithmic risks, and cross-border transfers without consent have been eliminated. The settlement's reversal means these users no longer have the regulatory protections the initial orders would have provided, including requirements for Meta to stop collecting data on non-users and to conduct impact assessments on how its algorithms affect human rights and democratic processes in Nigeria.
Why It Matters
This represents one of the most significant regulatory reversals in African data protection enforcement, undermining what was initially the continent's most sweeping action against a major tech company. The confidential nature of the settlement and complete waiver of penalties raises serious questions about regulatory transparency and the ability of emerging data protection frameworks to hold global tech platforms accountable, particularly when companies threaten to cease operations in a market. The outcome may discourage other African regulators from pursuing similar enforcement actions if penalties can be negotiated away privately.
What You Should Do
Nigerian Facebook and Instagram users should review and restrict their privacy settings immediately, limiting data collection for ads by opting out of personalized advertising where possible in account settings. Users should minimize the personal information they share on these platforms and consider using privacy-focused browser extensions or VPN services to limit cross-border data transfers. Given the lack of regulatory protection, affected individuals should file complaints directly with the Nigeria Data Protection Commission to demand transparency about the settlement terms and advocate for stronger enforcement mechanisms that cannot be privately waived.
Summary generated from verified sources and reviewed before publication. How we summarize.