Type to search

Partnership & Enquiries

Email: info@privacyneedle.com

Contact Us
Breaking News NDPC

NDPC and Meta Reach Settlement Talks Over $32.8 Million Data Protection Fine

ikeh James October 4, 2025
Share
NDPC and Meta settlement

The Nigeria Data Protection Commission (NDPC) and Meta Platforms Inc. — the parent company of Facebook and Instagram — have entered advanced settlement talks regarding the $32.8 million fine imposed on the tech giant for alleged violations of Nigerian users’ privacy rights. This case, one of the most high-profile enforcement actions under Nigeria’s Data Protection Act (NDPA) 2023, highlights the growing role of data protection regulators in holding global companies accountable.

Background of the Case

In February 2025, the NDPC fined Meta $32.8 million and issued eight corrective orders for allegedly breaching Nigerians’ privacy rights through behavioral advertising practices on Facebook and Instagram. The regulator argued that Meta’s operations violated key provisions of the Nigeria Data Protection Act (NDPA), which mandates lawful, fair, and transparent processing of personal data.

Meta, however, challenged the enforcement order, filing a case at the Federal High Court in Abuja to seek judicial review and nullification of the NDPC’s decision.

Court Proceedings So Far

  • February 26, 2025 – Meta filed a motion ex-parte challenging the NDPC’s decision.
  • March 4, 2025 – Justice James Omotosho granted Meta leave to pursue judicial review but rejected its request for a stay of NDPC’s enforcement actions.
  • April 2025 – The NDPC filed a preliminary objection, arguing the case was incompetent and lacked jurisdiction.
  • July 16, 2025 – The court fixed October 4 for ruling on both Meta’s amendment request and NDPC’s objection.

However, during the scheduled ruling, both parties informed the court they had reached an advanced stage of settlement negotiations.

Settlement Discussions

Counsel for Meta, Mr. Onwuobia, told the court that the parties had exchanged draft terms of settlement and requested more time to finalize discussions. NDPC’s counsel, Adeola Adedipe, SAN, confirmed this, noting that the commission was open to resolving the matter amicably.

Justice Omotosho, in response, adjourned the case until October 31, 2025, for either:

  1. Adoption of the settlement terms as a consent judgment, or
  2. Delivery of the previously scheduled ruling.

Why This Case Matters

This dispute is significant for several reasons:

  • Data Protection Enforcement in Nigeria: It demonstrates the NDPC’s determination to enforce compliance with the NDPA 2023, even against global tech giants.
  • Global Precedent: It highlights how Nigeria is aligning with global trends in privacy by default and data protection enforcement, similar to the EU’s GDPR.
  • Corporate Compliance: Businesses operating in Nigeria — whether local or multinational — must now prioritize strong data protection compliance to avoid sanctions.

Expert Insight

This case reinforces a critical reality: privacy violations now carry real financial and reputational risks in Nigeria. The NDPC is sending a clear message that no company is too big to be held accountable, a move that will likely reshape compliance strategies for both tech companies and businesses handling Nigerian personal data.

FAQs

1. Why did the NDPC fine Meta $32.8 million?
The fine was imposed due to alleged violations of Nigerians’ privacy rights through behavioral advertising practices on Facebook and Instagram, which were deemed inconsistent with the Nigeria Data Protection Act (NDPA 2023).

2. What is the NDPA 2023?
The Nigeria Data Protection Act (NDPA), signed into law by President Bola Tinubu in June 2023, is the primary legislation regulating how personal data is collected, stored, and used in Nigeria. It establishes the NDPC as the enforcement authority.

3. What happens if Meta and the NDPC reach a settlement?
If finalized, the settlement terms will likely be adopted by the Federal High Court as a consent judgment, binding both parties and avoiding prolonged litigation.

4. How does this case affect other businesses in Nigeria?
It sets a precedent that businesses — local or foreign — must strictly comply with Nigeria’s data protection regulations or risk significant fines and enforcement action.

5. What should companies do to stay compliant with the NDPA?

  • Appoint a Data Protection Officer (DPO)
  • Conduct Data Protection Impact Assessments (DPIAs)
  • Implement privacy-by-design and privacy-by-default measures
  • Regularly audit data processing activities
Tags:
ikeh James

Ikeh Ifeanyichukwu James is a Certified Data Protection Officer (CDPO) accredited by the Institute of Information Management (IIM) in collaboration with the Nigeria Data Protection Commission (NDPC). With years of experience supporting organizations in data protection compliance, privacy risk management, and NDPA implementation, he is committed to advancing responsible data governance and building digital trust in Africa and beyond. In addition to his privacy and compliance expertise, James is a Certified IT Expert, Data Analyst, and Web Developer, with proven skills in programming, digital marketing, and cybersecurity awareness. He has a background in Statistics (Yabatech) and has earned multiple certifications in Python, PHP, SEO, Digital Marketing, and Information Security from recognized local and international institutions. James has been recognized for his contributions to technology and data protection, including the Best Employee Award at DKIPPI (2021) and the Outstanding Student Award at GIZ/LSETF Skills & Mentorship Training (2019). At Privacy Needle, he leverages his diverse expertise to break down complex data privacy and cybersecurity issues into clear, actionable insights for businesses, professionals, and individuals navigating today’s digital world.

    • 1
Previous Article
Next Article

You Might also Like

US Compliance Nightmare
The Patchwork of State Privacy Laws: A US Compliance Nightmare
ikeh James November 12, 2025
third-party data processors
Managing Third-Party Data Processors: Compliance Risks and Best Practices
ikeh James November 11, 2025
Data Security
Essential Data Security Measures for Compliance and Cyber Defense | download (PDF)
ikeh James November 11, 2025
Data security measures
Essential Data Security Measures for Compliance and Cyber Defense
ikeh James November 4, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *

  • Rating

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Popular Posts

privacy_by_design_2025
How to Integrate Privacy by Design Into Your Tech Stack in 2025 | (Download The PDF Checklist)
ikeh James September 29, 2025
NIST Cybersecurity Framework Explained
ikeh James September 25, 2025
iso27001_privacy
ISO 27001 & Data Privacy: What You Must Know
ikeh James September 25, 2025
nhs data breach
NHS Data Breach Exposes 100,000 Patient Records
ikeh James September 27, 2025
Advertise
Here

Related Stories

US Compliance Nightmare
The Patchwork of State Privacy Laws: A US Compliance Nightmare
third-party data processors
Managing Third-Party Data Processors: Compliance Risks and Best Practices
Data Security
Essential Data Security Measures for Compliance and Cyber Defense | download (PDF)
Data security measures
Essential Data Security Measures for Compliance and Cyber Defense

Next Up

The Future of Digital Identity – Centralized vs Decentralized
ikeh James October 5, 2025
About Us | Contact | Privacy Policy | Disclaimer © All rights reserved Privacy Needle 2025.

Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None