Tinubu's Govt Secretly Drops $32.8 Million Fine Against Meta for Data Privacy Breach, Sparking Outrage

Nigeria's government quietly buried a $32.8 million penalty against Meta, the parent company of Facebook and Instagram, in a secret settlement that critics say traded the privacy rights of 60 million Nigerians for vague promises. Here is the full story of what happened, why it matters, and what it means for you.

In February 2025, Nigeria made headlines across the continent when the Nigeria Data Protection Commission (NDPC) slapped Meta with a $32.8 million fine following a 17-month investigation into data privacy violations affecting over 60 million Nigerian users.

That was not a small action. It was historic. Nigeria's move was seen as a landmark step and one of the first of its kind on the African continent, signalling that African regulators were finally ready to hold Silicon Valley accountable.

So what exactly did Meta do wrong? The NDPC accused Meta of data processing without user consent, processing data of non-users, failure to submit its 2022 compliance audit, unauthorised transfer of Nigerians' data abroad, and running behavioural ads targeting minors.

The commission did not stop at a fine either. It also issued eight corrective directives, including mandatory Data Protection Impact Assessments and a halt to cross-border data transfers without approval. The commission did not stop at a fine either. It also issued eight corrective directives, including mandatory Data Protection Impact Assessments and a halt to cross-border data transfers without approval.

How Meta Fought Back and Threatened to Leave Nigeria

Here is where things get interesting. Meta did not simply accept the ruling and pay up.

Meta rejected the allegations and filed a judicial review suit on 26 February to quash the enforcement orders, arguing that the NDPC denied it a fair hearing and breached its constitutional rights to due process.

The company then raised the stakes dramatically. Meta even threatened to shut down its Nigerian operations, a pressure tactic that has worked for tech giants in other markets. That threat, combined with active litigation, put the Nigerian government in a difficult position.

While Justice Omotosho granted Meta leave to commence the review, he declined its request to halt the NDPC's actions pending the hearing. With neither side gaining a decisive legal edge, both parties retreated behind closed doors to negotiate.

The Secret Settlement That Wiped Out the Fine

According to a report by Premium Times Nigeria, Nigeria and Meta signed a quiet settlement on October 30, 2025. A Federal High Court in Abuja rubber-stamped it as a consent judgment on November 3. The fine was written off. Most of the specific directives were scrapped. And the details were kept from the public until now.

Think about what that means. A fine that took 17 months of investigation to build, and that was held up as a symbol of African digital sovereignty, vanished in a closed-door agreement with no public announcement, no press conference, and no explanation to the 60 million Nigerians whose data was at the centre of the case.

The settlement agreement dated 30 October 2025 was signed by Babatunde Bamigboye, NDPC's Head of Legal, Enforcement and Regulations, and Anna Benckert, Meta's Vice President and Associate General Counsel, International Legal. It was a corporate transaction, conducted quietly, while Nigerians remained in the dark.

What Nigeria Actually Got in Return for Dropping the Fine

Now here is the question every Nigerian deserves an answer to. What did the government actually receive in exchange for walking away from $32.8 million?

Under the settlement, Nigeria released Meta from "any and all claims, demands, actions, causes of action, obligations, suits, debts, costs, liabilities." In return, Meta agreed to "use its best endeavours" to continuously improve its data practices in line with Nigeria's data protection law.

Read that again. "Best endeavours." Not hard obligations. Not measurable targets. Not independent audits. Just a promise to try.

The NDPC, for its part, has defended this outcome. The commission adopted a remediation approach, focusing on correcting breaches rather than relying solely on fines. Officials pointed to awareness campaigns carried out across Meta's platforms, saying the company "posted different content regarding awareness and privacy in collaboration with the commission."

But awareness campaigns are a far cry from the enforceable directives that the original orders demanded. And critics noticed.

Experts Warn the Deal Leaves Nigerian Users Dangerously Exposed

Legal experts and digital rights advocates are not holding back their criticism of this settlement. Their concerns go straight to the heart of what data protection enforcement is supposed to achieve.

Data protection lawyer Iliya-Ezekiel Ndatse put it plainly: "Regulatory action is strongest when there is a clear finding of a breach, backed by penalties and the risk of further sanctions. Setting aside the earlier orders removed that weight, leaving the commitments with little additional force."

Tracy Keshi, from the Centre for Journalism Innovation and Development, delivered an even sharper verdict. Keshi said the settlement agreement weakens the NDPC's leverage, noting that compliance is now reliant on Meta's voluntary cooperation.

And the risks are not abstract. Cross-border data flows, arguably the highest-risk area for Nigerian users, remain opaque, with no third-party audits or NDPC disclosures on behavioural advertising to verify any real change. In other words, the very practices that triggered the original investigation continue, with no independent verification that anything has actually changed.

Why the Nigeria Data Protection Act Makes This Especially Troubling

There is a painful irony at the heart of this story. The law that was supposed to protect Nigerian users was signed by the same administration that quietly dismantled its most significant enforcement action.

The fine against Meta came as one of the measures by the NDPC to protect Nigerians' data under the Nigeria Data Protection Act, signed into law by President Bola Tinubu in June 2023. That legislation was celebrated as a bold step toward digital governance, placing Nigeria alongside global leaders in data protection regulation.

Yet the first real test of that law against a global tech giant ended with the fine erased and the directives softened. For the millions of Nigerians who use Facebook and Instagram daily, that is a deeply unsettling outcome.

The confidence that Nigeria's original fine stirred slumped when the government reversed the sanctions. Other African regulators watching this case will have taken note of exactly how far Meta's legal pressure and shutdown threats can go in reshaping a regulatory outcome.

What This Means for Africa's Digital Rights Future

The settlement reflects broader regulatory momentum in Nigeria, which has imposed multi-million dollar fines on other major tech firms for privacy violations, reinforcing the continent's push for stronger digital governance and accountability. But when the continent's most high-profile data enforcement case ends with the regulator quietly retreating, it sends a chilling message to every other regulator on the continent.

Tech companies facing regulatory pressure elsewhere in Africa now have a clear playbook: challenge the process, threaten to shut down services, negotiate behind closed doors, and wait for the penalties to shrink. The strength of Africa's digital sovereignty ambitions will only be as real as its willingness to enforce the rules it writes.

For ordinary Nigerians, the hard truth is this. Without independent audits, clear enforcement consequences, and transparent reporting, there is currently no reliable way to know whether Meta has genuinely changed its data practices, or whether 60 million users remain subject to the same violations that sparked this case in the first place.