Regarding the ongoing data breach allegations against Meta Platforms Inc., the Nigeria Data Protection Commission (NDPC) has noted that it will explore a partnership to resolve the issue through dialogue and collaboration.
While revealing the latest development during a one-day intensive workshop for Data Protection Officers in Abuja on Monday, the Chief Executive Officer and National Commissioner of the NDPC, Dr Vincent Olatunji, stressed that the Commission’s primary strategy was not to escalate issues but to engage organisations in meaningful resolution.
“Our new approach is partnership. We are working with them to see if we can resolve the issue. We don’t throw the baby out with the bathwater. What we do today is to look at the issues — what do we need to resolve, and are they willing to do what is right? We have to look at political ways of solving it,” Olatunji said.
Meta recently threatened to exit the country after the platform and its subsidiary, WhatsApp LLC, were ordered to pay a $220 million administrative penalty after being found guilty of data breaches and discriminatory practices following an appeal hearing. Meta was also ordered to pay an additional $35,000 to the commission for the cost of the investigation.
While there had been concerns that Meta could leave the Nigerian market following regulatory sanctions, Olatunji is seeking to address the matter by calming public anxiety and expressing their commitment and confidence that the matter will be resolved.
“Even when you go to work, you see that there’s a right way to resolve issues. So, I’m sure we’re going to resolve it,” he added.
Meta Parties (Meta and WhatsApp) were found guilty of violating the FCCPA (2018) and the Nigeria Data Protection Regulation (NDPR). Their offences include denying Nigerians the right to control their data, transferring and sharing Nigerian user data without authorisation, discriminating against Nigerian users compared to users in other jurisdictions and abusing their dominant market position by forcing unfair privacy policies.
Also Read: FCCPC says Meta exit threat a ruse to induce negative public reactions.
At the public discussion, a pressure group, Techsocietal, criticised both Meta and the Nigerian regulators for failing to consider consumers amid the legal disputes. The Executive Director of Techsocietal, Temitope Ogundipe, noted that the dispute threatens small businesses, activists, and vulnerable communities reliant on the platforms. He encouraged regulators to embrace a people-first regulatory model that combines accountability and inclusion.
“Entrepreneurs, community organisers, families, and at-risk groups rely on these platforms as vital lifelines. Digital access is not a luxury but a right tied to livelihoods and voice. Nigeria must shape platform governance on its terms, but not at the cost of cutting millions off from digital spaces,” he stated.
While advocating for partnership to ensure that all rights, revenues, and responsibilities are met without harming consumers, the group also criticised Meta’s manipulation of the Nigerian economy amid economic challenges and lower ad revenues.
NDPC foregrounds data protection amid Meta’s legal dispute
As the commission moved to resolve Meta’s legal dispute, NDPC signed a Memorandum of Understanding with global payments company Mastercard. The agreement is structured to strengthen the data protection capacity in Nigeria. As part of the agreement, about 150 Data Protection Officers received training on Data Protection Impact Assessment, in line with Section 28 of the Nigeria Data Protection Act, which mandates a risk-based approach to protecting personal data.
The commission’s CEO, Olatunji, expressed that the collaboration with Mastercard formed part of NDPC’s human capital development strategy, noting that human capital is key to its regulatory mandate. He added that Nigeria’s data protection ecosystem is an emerging system that requires on-the-job training of officers to meet the growing demands of the digital economy.
In lieu of this, the commission had further set a target of training 250,000 certified Data Protection Officers annually, where collaboration with stakeholders like Mastercard would help achieve that goal.
Recall that the Nigeria Data Protection Act, 2023 (NDPA), signed into law in June 2023, is the main law regulating data processing in Nigeria, replacing the Nigerian Data Protection Regulations (NDPR). It aims to safeguard the rights and freedoms of individuals, especially regarding their personal data, and establish the NDPC to oversee data protection.
Technext Newsletter
Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!
