Nigeria has made headlines with its recent decision to fine Meta Platforms Inc., the company behind Facebook, $220 million over a major data breach. The National Information Technology Development Agency (NITDA), Nigeria’s main IT watchdog, ordered a fine on Meta after discovering a breach that exposed the personal data of around 45 million Nigerians. This incident, which happened in 2023, included sensitive details like names, email addresses, and phone numbers, raising serious concerns about how well user data is protected. Could this fine signal a more serious era in protecting user data and ensuring tech companies adhere to local laws?
Nigeria is Africa’s most populous country and one of Meta’s largest digital markets, with over 100 million internet users. The country is rapidly digitizing, with more people relying on online platforms for everything from social networking to financial transactions. This growing digital footprint makes data protection a critical issue. Moreover, Nigeria has long struggled with cybercrime, which has evolved from simple scams to more sophisticated and damaging forms of cyber attacks. According to the Nigerian Communications Commission (NCC), cybercrime incidents have been on the rise, with phishing attacks, ransomware, and data breaches becoming more common. The Centre for Strategic and International Studies estimates that cybercrime costs the Nigerian economy approximately $500 million annually. Recently, Paradigm Initiative, a digital rights organization, also revealed that several unauthorized platforms had been holding and selling sensitive personal and financial data of Nigerian citizens for as low as ₦100.
On the other hand, this isn’t a one-off event for Meta. The company has been in hot water globally for data privacy issues. In 2018, the UK fined Facebook £500,000 when Cambridge Analytica, a British political consulting firm, acquired the personal data of millions of Facebook users without their consent and used it for political advertising purposes, most notably during the 2016 US presidential election and the Brexit referendum. The company faced a $5 billion penalty from the U.S. Federal Trade Commission in 2019 for privacy violations. More recently, in 2021, WhatsApp, another Meta-owned service, was hit with a record €225 million fine by the Irish Data Protection Commission for not being transparent enough under the GDPR. Meta’s history of data breaches and fines suggests there are deeper issues with its data handling practices. These repeated issues point to ongoing problems in how Meta manages user data.
Historically, Africa has lagged behind regions like Europe in terms of stringent data protection regulations and enforcement. Data protection in Africa is also evolving, with many countries introducing or strengthening their data protection laws. In 2019, Nigeria introduced the Nigeria Data Protection Regulation (NDPR), to give individuals more control over their data. South Africa, too implemented the Protection of Personal Information Act (POPIA), which came into full effect in July 2021. POPIA sets stringent guidelines for data collection, processing, and storage. This was not long after Facebook experienced a data breach that affected over 14 million South Africans. Kenya has also taken steps to protect personal data with the enactment of the Data Protection Act in 2019, which outlines strict requirements for data controllers and processors. Although there haven’t been specific high-profile cases involving Facebook data breaches in Kenya, there have been concerns about data privacy, especially in the context of political campaigns and the use of social media data. Nigeria’s fine also buttresses the need for digital sovereignty, where countries assert control over their digital infrastructure and data, across the continent.
However, there could be drawbacks. For one, Nigeria has faced challenges in establishing a positive reputation by effectively handling such cases. Meta might contest the fine, leading to prolonged legal battles. Plus, the fine might create tensions between Nigeria and the U.S., where Meta is based. However, the benefits of protecting user data and fostering a culture of accountability far outweigh these challenges. As digital economies in Africa continue to grow, strong data protection laws and their enforcement are paramount now more than ever to ensure user privacy and build trust in the digital space.
