In a statement signed by Itunu Dosekun, CDPO head, Media Unit, NDPC, the commission said the initiative is connected to its regulatory process involving Meta Platforms, Inc., following investigations into the company’s data processing practices in Nigeria.

The statement read,

“The matter was concluded in 2025 through a court-approved settlement. As part of the settlement, Meta committed to supporting a two-year programme of public-facing data protection measures that aligns with the objectives of the Nigeria Data Protection Act, 2023 (NDP Act), the NDP Act General Application and Implementation Directive (GAID) and the NDPC Strategic Roadmap and Action Plan (SRAP) 2023-2027.”

The M-SIDP programme is structured around governance, research and development; fostering safety and sustainability mechanisms for ecosystem and technology; capacity development for Data Protection Officers (DPOs) and Data Protection Compliance Organisations (DPCOs); and public awareness targeting data subjects, with particular focus on vulnerable groups.

The commission stated that,

“Nothing in this settlement limits the Commission’s independent statutory powers as we continue to exercise our regulatory mandate in relation to data processing activities in Nigeria, in accordance with the NDP Act and other applicable laws.”

According to the NDPC, it will provide periodic updates on the implementation of the M-SIDP programme and has called on stakeholders to support the initiative in advancing a secure and accountable privacy ecosystem in Nigeria.

Recall that in 2025, Meta settled out of court its dispute with the Nigerian government over a $32.8 million data violation fine that had lingered since February.

The federal government, through the NDPC, imposed the fine on Meta on February 18, 2025, over alleged data transfer violations, unsolicited advertisements, and failure to file audit reports, among other breaches.

The move triggered a dispute, with Meta at one point threatening to shut down its operations in Nigeria.

After months of discussions, both parties told the court they were willing to resolve the matter amicably.

Judge James Omotosho, who noted the court’s support for alternative dispute resolution, adopted the terms of settlement filed by the parties on October 31, 2025.

Meta denied the findings and the process. On February 26 of the same year, Meta Platforms Inc. filed an ex parte motion seeking an order quashing NDPC’s compliance and enforcement orders dated February 18.

The case primarily sought the court’s order nullifying

“All other investigations, proceedings and actions taken by respondent against the applicant leading to the ‘Final Orders.’”

On March 4, 2025, Meta’s lawyer moved the application, which Justice James Omotosho partly granted.

The judge granted leave to Meta to commence judicial review proceedings against NPDC’s orders but refused a stay of proceedings relating to the “Final Orders” pending the determination of the judicial review.

He also ordered an accelerated hearing of the main suit.

In response, NDPC filed a preliminary objection through its lawyer, arguing that the suit was incompetent and that the court lacked jurisdiction.

The commission also claimed Meta failed to comply with rules guiding judicial review under Order 34 of the Federal High Court (Civil Procedure) Rules, 2019.

In a filing dated March 19, 2025, Meta argued that the NDPC denied it fair hearing and due process. Its lawyer, Gbolahan Elias, asked the Federal High Court to quash the enforcement orders, saying they breached Section 36 of the Nigerian Constitution.

NDPC’s lawyer contended that Meta was attempting to introduce new players after the court had ruled on its ex parte application,  maintaining that the amendment was not permitted under the rules of court.

After a hearing on July 16, 2025, the court adjourned the matter until October 3 for a consolidated ruling on NDPC’s preliminary objection and Meta’s motion to amend its filings.

The parties, however, later informed the court that they were ready to settle, allowing time for an amicable resolution.

Officials say the process will guide a policy that balances children’s safety with the benefits of internet access.

To begin the process, the Ministry of Communications, Innovation and Digital Economy has launched a public poll.

Parents, teachers, young people and digital experts are invited to share their views on how Nigeria should regulate children’s access to social media and other online platforms.

The ministry says the aim is to build an evidence-based policy that protects children while allowing them to benefit from digital tools used for learning, communication and creativity.

However, officials say the same internet also exposes young users to serious risks including cyberbullying, harmful content, online grooming, misuse of personal data and addictive platform features. Authorities also warned about new threats linked to artificial intelligence tools.

In a policy note released with the survey, the ministry stressed the need for a balanced approach.

“As Nigeria evaluates possible policy options, it is important that any approach reflects national priorities, respects children’s rights, and responds effectively to the realities of the country’s digital landscape,” the ministry stated.

The supervising minister, Bosun Tijani, also spoke about the initiative on social media, saying the government wants to ensure children remain protected as internet use continues to grow.

“While the internet offers significant opportunities for learning, creativity, and communication, it also exposes children to risks such as cyberbullying, harmful content, online exploitation, misuse of personal data, and emerging challenges linked to artificial intelligence tools,” Tijani said.

He added that public participation will determine whatever policy the government adopts.

“As Nigeria evaluates potential policy approaches for protection of children online, including age restrictions, improved age verification systems, platform accountability measures, and enhanced regulatory oversight, public input is essential to ensure that any framework adopted reflects national priorities and respects children’s rights,” he said.

If introduced, Nigeria would join several countries that have already placed age restrictions on children’s access to social media.

Australia introduced one of the toughest regulations in December 2025. The law bans social media use for people under 16 and requires platforms such as TikTok, Instagram and YouTube to enforce the restriction.

Lawmakers in France also passed legislation in January 2026 to ban social media for children under 15. President Emmanuel Macron backed the bill, arguing it would help curb excessive screen time among young users.

Denmark has announced a similar plan. Its government secured political backing in late 2025 for a ban covering children under 15.

Authorities in Indonesia have also confirmed a ban on social media use for those under 16, pointing to child safety concerns.

Across the world, governments are working to ensure better management. Recent global tracking shows more than 40 countries are studying or introducing some form of age restriction for social media.

Smartphone use has expanded in the past decade, pushing internet access into homes, schools and workplaces across the country. Social media has followed the same path.

According to the National Commissioner of the Nigeria Data Protection Commission, Vincent Olatunji, more than 40 million Nigerians now spend about six hours each day on social media platforms.

He said this level of activity makes it important for users to understand the risks tied to sharing personal information online.

Child protection groups and policymakers have repeatedly warned that minors are especially vulnerable. Concerns range from online exploitation to exposure to harmful content and weak data protection.

Through the new consultation, the government hopes to gather enough public input before deciding whether Nigeria should introduce age limits, stronger verification systems or tighter rules for digital platforms operating in the country.

In a statement on Tuesday, the commission said it endorsed the “Joint Statement on AI-Generated Imagery and the Protection of Privacy”, a document coordinated by the International Enforcement Cooperation Working Group of the Global Privacy Assembly.

The statement highlights concerns over tools that can create realistic images and videos of identifiable people. Regulators say such tools are being misused to produce non-consensual images, defamatory materials and other harmful content. Children and other vulnerable groups face the greatest risk.

According to the NDPC, the initiative with data authorities urges organisations to put safeguards in place before deploying such systems. It also asks companies to be transparent about how their tools work, set up effective content removal channels and comply with data protection laws in their countries.

AI tools are now widely accessible, and in many cases, they can generate images that look real within seconds. When those images feature real people, the privacy impact is immediate.

The commission said its participation reveals Nigeria’s ongoing efforts to promote responsible use of artificial intelligence, referring to steps already taken at home, including work on a national policy framework.

The Minister of Communications, Innovation and Digital Economy, Dr Bosun Tijani, previously led the development of Nigeria’s National AI Strategy.

In addition, the NDPC issued its General Application and Implementation Directive (GAID), which requires data controllers and processors to embed privacy protections into their systems from the design stage.

The National Commissioner and Chief Executive Officer of the NDPC, Dr Vincent Olatunji, has now directed that Compliance Audit Returns under the Nigeria Data Protection Act will be used to assess how major data controllers and processors apply AI in their operations.

The commission said the audit process will serve as a benchmark for monitoring responsible data processing practices, especially where AI tools are involved.

Representing the CEOs of all parastatals under the Ministry of Communications, Innovation and Digital Economy, the National Commissioner of the Nigeria Data Protection Commission (NDPC) spoke at the opening of the 2025 Digital Nigeria International Conference, a gathering of visionaries and innovators determined to redefine Africa’s digital landscape.

Dr. Olatunji reminded the audience that the world is already deep into the digital era, where 18.8 billion connected devices serve a global population of just 8.2 billion people. “That’s more devices than humans,” he said, underscoring how technology now shapes everything, from commerce to communication, from governance to growth.

Yet, amid this transformation, he noted, Nigeria stands at a crossroads. The nation has the human capital, the creativity, and the resources to lead, but its biggest challenge remains fragmentation.

“We must build bridges between sectors, not silos,” he urged. “Our power lies in collaboration.”

With a sparkle of optimism, Dr. Olatunji spoke about Nigeria’s youth, 65% of whom are tech-savvy. “Technology is the only language they understand,” he said, describing them as the country’s secret weapon in the race toward global competitiveness.

He challenged innovators to channel their creativity into platforms that solve real problems, just as global disruptors like Uber, Booking.com, and Amazon have done, redefining industries without owning traditional assets.

Pointing to the National Digital Economy and E-Governance Bill, which recently advanced to public hearing at the National Assembly,

Dr. Olatunji called it a “landmark step” toward institutionalizing Nigeria’s digital transformation. The bill, he explained, will establish a unified legal framework for data governance, cybersecurity, and electronic transactions, creating the structure Nigeria needs to thrive in the global digital marketplace.

He also paid tribute to President Bola Ahmed Tinubu’s early commitment to digital progress, reflected in his swift signing of the Nigeria Data Protection Act, and to Dr. Bosun Tijani’s visionary leadership as Minister, whose technocratic approach continues to unite the ecosystem behind a shared mission of innovation and inclusion.

As the hall erupted in applause, Dr. Olatunji’s closing words lingered like a challenge to all who dream of a truly digital Nigeria:

“We must come together, innovate together, and rise together. The time to act is now, because Nigeria’s place in the global digital economy will be defined by what we build, not what we wait for.”

A detailed review by cybersecurity firm Surfshark reveals that five major social media platforms, Meta’s Facebook and Instagram, TikTok, LinkedIn, and X (formerly Twitter), have together gotten fines amounting to €3.9 billion. Meta alone is responsible for nearly 70% of that figure.

The most eye-opening fine came in 2022, when Instagram was ordered to pay €405 million. The offence? Automatically setting business accounts created by children to public, exposing sensitive information without consent. 

Then came another blow in late 2024, Facebook was fined €251 million following a data breach that compromised the personal data of minors. These incidents make Meta the most penalised company under the GDPR framework.

TikTok hasn’t escaped this either. Its failure to properly handle children’s data has led to three separate fines, with the most recent one issued this year. 

Together, these penalties total €890 million. The platform allowed underage accounts to default to public failed to provide privacy policies in local languages like Dutch, and permitted adults to falsely register as legal guardians, without verifying their authority to do so.

LinkedIn and X have each received single fines, €310 million and €450,000 respectively. Platforms like YouTube, Snapchat, Pinterest, Reddit, and Threads have so far avoided penalties, but experts caution that this is not necessarily evidence of full compliance.

“The current enforcement efforts by data protection authorities are rather reactive, sometimes they are non-existent at all,” said Felix Mikolasch, a data protection lawyer at NOYB, a European privacy advocacy group. 

Over one-third of all GDPR fines issued to social platforms relate specifically to mishandling children’s data.

We see that the European Union is stepping up its enforcement of GDPR rules, particularly as digital platforms increasingly target younger audiences and collect vast amounts of personal information. 

Since Surfshark’s last report in October 2023, there has been a 30% jump in the total value of fines, driven by four new cases, two linked to Meta, one to LinkedIn, and another to TikTok.

Meanwhile, here in Nigeria, social media companies including Meta and TikTok operate freely, despite evidence of similar data practices. No major fines have been announced. The Nigeria Data Protection Commission (NDPC) has opted for a softer, compliance-first approach.

“Usually, when we investigate and find a breach, if they are ready to comply with the law, what is the point of making noise?” said the NDPC’s National Commissioner, Dr. Vincent Olatunji. “It’s only when an organisation is unwilling to comply with the law that we are forced to impose sanctions.”

Dr. Olatunji added that the Commission also considers the economic impact. Penalising foreign tech companies could send the wrong signals to investors. 

That rationale might explain why, despite operating under Nigeria’s Data Protection Act, which mirrors many of GDPR’s core principles, no social media platform has yet been held publicly accountable for breaches.

This raises a fundamental question which says can a model based on dialogue and remediation work where enforcement by example has already proven effective elsewhere?

Europe’s approach is that any company that breaks the rules pays the price. Nigeria’s model, however, leans heavily on trust, hoping compliance will come without punishment. 

This appointment was confirmed at the meeting of the Committee on Wednesday, 2nd April, 2025.

The statement signed by Babatunde Bamigboye, head, Legal, Enforcement & Regulations at NDPC, further reads:

“The Committee serves as a multilateral platform for promoting data privacy and protection among members.

“While accepting the appointment, Dr Olatunji expressed his gratitude for the confidence reposed in Nigeria to chair the Committee at this crucial phase of Africa’s drive towards safeguarding the privacy rights of her over 1.4 billion people in the global data processing value chain.

“Dr Olatunji further urged members to see the work of the Committee as a collective responsibility which must be discharged for the benefit of data subjects across Africa.

It will be recalled that Nigeria is also scheduled to host the 2025 NADPA Annual General Meeting and Conference from 6th May through 8th May, 2025.

The theme of the Conference is: “Balancing Innovation in Africa: Data Protection and Privacy in Emerging Technologies”.

The Conference is targeted at showcasing the significant milestones of Nigeria under President Bola Ahmed Tinubu, towards building a sustainable digital economy.

It will be recalled that the NJI is responsible for the training of judicial officers in Nigeria from magistrate courts to the Supreme Court of Nigeria.

This latest support to NDPC is in line with its objective of safeguarding the data privacy rights of Nigerians.

During a courtesy visit of the Commission, to NJI, Dr Vincent Olatunji, the national commissioner and CEO of the NDPC, lauded the management of NJI under the leadership of Hon. Justice Salisu Garba Abdullahi, (Rtd) for the milestones the Institute has achieved in human capital development particularly in relation to judicial officers and fellows of the institute.

While commenting on the importance of the Nigeria Data Protection Act in the face of disruptive technologies, Dr. Olatunji reiterated the need to collaborate with NJI in keeping judicial officers abbrest of privacy Jurisprudence.

He noted that decisions on enjoyment of data privacy rights in relation to one citizen have fundamental implications on all citizens.

“It is the digital age, and the protection of the privacy of all citizens worldwide is paramount. It is now the right of all citizens to have their privacy protected. This is why countries across the globe are putting adequate measures in place to ensure enforceable data protection rights, as well as establishing data protection authorities to enforce data protection laws,” Dr Olatunji stated.

In his response, Hon Justice Abdullahi commended the NDPC, under Dr Olatunji’s leadership, for its significant achievements since its establishment.

He pledged to collaborate with the NDPC to raise awareness on data protection and privacy within the judiciary and accepted the NDPC’s proposal anchored on capacity building for judges, NJI fellows, and employees.

According to the eminent jurist,

“The issue of data protection is very important. It is new, and judges need to be trained. The first step we should take is to review the Act (NDP Act) that established the Commission. Additionally, there is a need for us to train our fellows on data protection.”

According to a statement on Sunday, signed by Itunu Dosekun, head of Media at the Commission, NJI and NDPC have put in place a technical working group that will draw up a work plan and coordinate the initiatives for capacity building.

The working group is expected to report back within days in order to commence implementation.

The NiRA team met with Dr. Vincent Olatunji, the national Commissioner, at the NDPC Headquarters in Abuja.

During the meeting, Mr. Akinsanya commended Dr. Olatunji for his unwavering dedication to enhancing data protection and privacy in Nigeria.

He emphasized NiRA’s role in overseeing more than 130 registrars using the .ng domain and highlighted the proactive training initiatives already in place to equip these registrars with the fundamentals of data protection.

Mr. Akinsanya also underscored the need for additional capacity-building opportunities for both NiRA staff and registrars, reaffirming the organization’s steadfast commitment to supporting NDPC’s vision for a secure digital environment.

“At NiRA, promoting data privacy is a priority, and the organization continues to implement various initiatives to safeguard Nigeria’s internet space.

These efforts include training accredited registrars on Compliance & Domain Abuse Issues, delivering data protection and privacy training, and raising public awareness on these critical topics through extensive social media outreach”, he said.

In his reponse, Dr. Olatunji extended an invitation to NiRA to partner with the NDPC in hosting the upcoming Network of African Data Protection Authorities (NADPA) Conference, scheduled for May 2025.

The meeting saw robust representation from NiRA, with key figures including Mr. Murtala Abdullahi (Vice President), Mrs. Busayo Balogun (Head of Corporate Services), Mrs. Uchechi Kalu (Abuja Admin Officer), Mr. Habeeb Wahab, and Mr. Olumide Coker (Dean of NG Academy).

This productive dialogue between NiRA and the NDPC underscores the importance of collaborative efforts in creating a secure digital ecosystem.

By aligning our goals, both organizations are working to ensure Nigeria’s internet space remains robust, resilient, and ready to meet the challenges of an ever-evolving digital world.

“As NiRA continues to champion data protection and privacy, this partnership with the NDPC marks a pivotal moment in our shared mission. Together, we are setting the stage for a safer digital future for Nigeria and the African continent”, Mr. Akinsanya added.

[Source] Image: NiRA/Facebook]

He stated during a keynote remarks at the maiden edition of NDPC breakfast meeting with Data Protection Compliance Organizations (DPCOs) and other stakeholders, held in Lagos recently.

The NDPC Boss noted that the data ecosystem “is a global phenomenon, attracting global attention at all level of governance, and at the international level. So, what we have is a huge market and all us must work together to achieve the purpose and manage these opportunities. As earlier mentioned, ours is a sector that is recognized by the government and the international community.

Why commenting on the levels of successes, and tractions the organization has gotten in the recent time, Dr. Olatunji said “I will tell you that level of attention that we attracted from outside Nigeria is far more than what we have in Nigeria.

“Every day we keep getting requests from the international community on what we are doing as a commission and how we are doing it. Even countries that started before us are coming to ask questions about what we are doing in Nigeria.

“This speaks to the fact that we have adopted a model that is unique to us; the beautiful thing about Nigeria is if we adopt anything from anywhere we have the capacity to transform it to a better form”.

According to him, “the meeting is essentially focused on collecting information, data and to further engage stakeholders in the industry. One thing that has really worked for us as a Commission is that we engage with our stakeholders, we listen to their comments and advise. Even critical feedbacks from them are welcome and our doors are always open to anybody that is willing, because this will make us get better and all of this is to the benefits of this great country.

He noted that the breakfast meeting which was the first of its kind was borne out of the ideas shared by stakeholders in the industry.

“I think this is this is the first time we are meeting with you as an organization, although before now we have been engaging with you on individual basis and virtually”, he said.

This was made possible by some of you, because earlier in March a consortium of law firms made up of largely DPCOs visited our Commission and brought some wonderful and insightful suggestions, one of the suggestions birthed the meeting of today.

“So, any suggestion you have to improve this ecosystem is welcome, because I would say that this ecosystem is providing solution to the challenges that everyone can benefit from, ranging from the government, private organizations, business-owners amongst others.

He however, charged the Data Protection Compliance Organisations, to be up and doing, by working hard to benefit from the data ecosystem.

“It is not going to be business as usual. We need to revoke some license from the DPCOs that are not really working. So, all of us should buckle up, work and contribute to what we are trying to do”, he said.

Meanwhile, Adamma Isamade, the acting head of Legal, Enforcement and Regulation Department atthe Commission, emphasized that the Commission is open to constructive suggestion that will advance the course of NDPC.

According to her, the DPCOs are the second ‘P’ project in the ‘PPP’ Project signifying the Private sector.

“We recognize what you are doing and what you would to ensure that the ecosystem (Data Protection and Privacy Ecosystem System) develop and grow to international standard”, she said.

Many DPCOs at the breakfast session applauded NDPC for its resilience and far-reaching decisions to move the industry forward.

Relying on sections 5(d), 44 and 65 of the NDPA, organizations that are of “particular value or significance to the economy, society or security of Nigeria” are designated by the Commission as data controllers and processors of major importance.

According to the Guidance Notice dated 14th of February and signed by Babatunde Bamigboye, the commission’s Head of Legal Enforcement and Regulations, “A data controller or data processor shall be deemed to have particular value or significance to the economy, society or security of Nigeria and hence designated to be of major importance if it keeps or has access to a filing system (whether analogue or digital) for the processing of personal data”. 

In addition to this, the Commission also identified specific data processing such as those involving sensitive personal data, cloud computing, trans-border data transfers, processing the personal data of over 200 data subjects and access to data storage platform of third parties in commercial transactions as necessary factors in considering organizations that are data controllers or processors of major importance.

In order to foster ease of doing business, particularly for small organizations involved in potentially high-risk data processing, the Commission varies the payable fees according to the level of Major Data Processing (MDP) involved.

Major Data Processing (MDP) is classified into 3 levels, namely:

1. Ultra High Level (UHL),
2. Extra High Level (EHL) and
3. Ordinary High Level (OHL) of Major Data Processing.

The fees payable are N250,000, N100,000 and N10,000 respectively.

Organizations in the MDP-UHL categories include but are not limited to the following are:

1. Commercial banks operating at national or regional level,
2. Merchant Banks
3. Telecommunication companies
4. Insurance companies,
5. Multinational companies,
6. Payment gateway service providers;

Similarly, the following organizations, among others are Organizations within MDP-EHL category:

1. Ministries, Departments and Agencies of government,
2. Micro finance Banks,
3. Higher Institutions,
4. Hospitals providing tertiary or secondary medical services, and
5. Mortgage banks;

Lastly, at the MDP-EHL category we have organizations such as:

1. Small and Medium Scale Enterprises (it must be such that have access to personal data which they may share, transfer, analyze, copy, compute or store in the course of carrying out their individual businesses)
2. Primary and Secondary Schools
3. Primary Health Centres
4. Agents, contractors and vendors who engage with data-subjects on behalf of other organizations.

The breakdown of the categories are contained in the Guidance Notice posted on the Commissions website here.

Dr Vincent Olatunji, the NDPC’s National Commissioner and CEO, urged data controllers to eschew activities that may put citizens at risk especially when millions of Nigerians are sharing their personal data such as bank details, pictures, health and academic records online.

According to the NDPC boss,

“The risks are getting higher even as the opportunities are also increasing; we are reminded of the warning by those in the frontiers of the 4th Industrial Revolution that we have a price to pay for liberty. The price is eternal vigilance. It is therefore important to properly and functionally identify the persons and the data processing to which we must direct the torch of vigilance. Registration is one in a continuum of measures we are taking in this regard. It is, however, the entry point of accountability going forward.”