In a year that began with ultimatums and ended in hastily negotiated settlements, 2025 will be remembered as the moment Africa’s regulators discovered their teeth. Meta Platforms learned this the expensive way — twice. WhatsApp’s parent company found itself simultaneously battling data protection enforcers in South Africa and Nigeria, while across North Africa, food delivery platform Glovo faced down Morocco’s Competition Council.
The common thread? Aggressive regulatory action, protracted legal battles, and ultimately, confidential settlements that left civil society groups demanding transparency even as they celebrated the principle of the thing.
The WhatsApp Ultimatum: South Africa’s Four-Year Standoff
The roots of South Africa’s confrontation with WhatsApp stretch back to January 2021, when Meta (then still calling itself Facebook) issued what amounted to a digital ransom note to its two billion users worldwide: accept our new privacy policy by February 8, or lose access to WhatsApp entirely.
The move sparked immediate global backlash. In South Africa, it triggered a four-year investigation by the Information Regulator that culminated in a September 2024 enforcement notice accusing WhatsApp of violating seven sections of the Protection of Personal Information Act (POPIA).
The regulator’s case was elegantly simple: WhatsApp offered European users robust privacy protections under GDPR — including explicit consent mechanisms and clear opt-out provisions — but denied the same to South African users, despite South Africa’s data protection framework being modelled on the very same European standards.
“While the legislative landscape in Europe and South Africa is similar, WhatsApp should apply the same privacy policy it employs in Europe,” Information Regulator chairperson Pansy Tlakula argued in her November 13 announcement of the settlement.
WhatsApp’s counterargument — that it couldn’t be held to European standards in Africa — rang hollow given the company’s own choice to implement GDPR-compliant policies globally in 2018, only to quietly roll them back in non-European markets when it thought no one was watching.
The enforcement notice gave WhatsApp 60 days to demonstrate compliance or face penalties of up to R10 million ($550,000), imprisonment for executives up to 10 years, or both. WhatsApp initially responded with a legal challenge seeking to quash the regulator’s authority entirely — a move that would have tested whether South Africa’s data protection regime had any real enforcement power.
Then, perhaps sensing the optics of a Silicon Valley giant suing an African data protection regulator into submission, WhatsApp blinked. The settlement, announced November 13 and adopted as a court order, requires “several enhancements to the transparency information” provided to South African users — though the specifics remain undisclosed.
For South African WhatsApp users, the practical outcome is modest but meaningful: they won’t lose access for declining to accept new terms, though some features (business messaging, Meta AI) may be limited. More importantly, the regulator established that “take it or leave it” data policies violate South African law — setting a precedent that extends beyond WhatsApp to every platform operating in the country.
Nigeria’s $32.8 Million Question Mark
If South Africa’s case was about principle, Nigeria’s was about power — and money. Lots of it.
On February 18, Nigeria’s Data Protection Commission (NDPC) slapped Meta with a $32.8 million fine, alongside eight corrective orders, for alleged violations including behavioural advertising without explicit consent, processing data of non-users, failing to file mandatory compliance audits, and transferring user data abroad without authorisation.
Meta’s initial response was predictable: deny, challenge, threaten. The company filed for judicial review on February 26, seeking to nullify the NDPC’s authority entirely. At one point, Meta reportedly threatened to shut down its Nigerian operations rather than comply — a move that would have affected the country’s estimated 30 million Facebook users and 50 million WhatsApp users.
The legal battle proceeded through spring and summer 2025, with Meta’s lawyers arguing the NDPC had denied them fair hearings and due process. The commission countered that Meta was attempting procedural gamesmanship to avoid accountability under Nigeria’s Data Protection Act, signed into law by President Bola Tinubu in June 2023.
Then came October 3, when Justice James Omotosho’s Federal High Court in Abuja was scheduled to rule on the NDPC’s preliminary objection. Instead, both parties announced they had reached a settlement. On November 3, the judge formally adopted the terms as judgment, bringing the case to a close.
The settlement terms? Entirely confidential.
This lack of transparency has drawn sharp criticism from civil society groups, who argue that without knowing what commitments Meta made — or whether it paid the full fine — there’s no way to assess whether the settlement genuinely advances data protection or simply allows Meta to avoid public accountability.
The Media Institute of Southern Africa warned that “settlements must not become a shield for non-compliance,” calling for continent-wide standards to govern tech platforms.
Morocco: The Algorithmic Overlord Problem
While Meta battled regulators in two African countries simultaneously, Delivery Hero’s Glovo faced a different kind of reckoning in Morocco — one focused not on privacy but on market power and the economics of platform dependency.
The Competition Council’s investigation began in February 2024 following a complaint from local competitor Kooul, which alleged Glovo was leveraging its dominant market position to stifle competition. In late 2024, the council conducted a dawn raid on Glovo’s Casablanca offices — Morocco’s first aggressive enforcement action against a digital platform.
The council’s May 2025 grievance notification painted a picture of systematic abuse: exclusive contracts that prevented restaurants from working with competing platforms, commission rates that choked restaurant margins, opaque ranking algorithms that determined which businesses thrived or died, and a delivery courier system that classified workers as independent contractors while treating them as employees in all but name.
For many Moroccan restaurant owners, the investigation validated what they’d long suspected. “It’s take-it-or-leave-it,” one Casablanca restaurateur told reporters, speaking anonymously for fear of retaliation. “If Glovo brings 80% of your online orders, can you really negotiate commissions or reject their terms?”
Rather than fight, Glovo opted for settlement, which the Competition Council approved July 24. The terms are binding and monitored:
For restaurant partners: All exclusivity clauses removed. Commission rates capped at 30%. Transparent ranking criteria published. No retaliation for working with competitors.
For delivery couriers: An additional 31 million dirhams ($3.1 million) annually in financial contributions, plus a 5 million dirham Courier Impact Fund for education and training. Workers remain classified as independent contractors, though with “fairer valuation of services.”
For compliance: A formal competition law compliance programme, complete with risk mapping and a dedicated manager.
The financial penalty itself remained undisclosed — a pattern that’s becoming disturbingly common in these settlements.
Three Cases, One Pattern
Strip away the geographic and sectoral differences, and a consistent narrative emerges from 2025’s major African regulatory actions:
The Setup: Global tech platforms implement policies and business practices in African markets that they wouldn’t dare attempt in Europe or North America, banking on regulatory arbitrage and the assumption that African enforcers lack teeth.
The Confrontation: Newly empowered regulators — armed with recent legislation often modelled on GDPR — issue enforcement notices, impose substantial fines, and dare platforms to either comply or leave.
The Brinkmanship: Platforms respond with legal challenges, jurisdictional arguments, and occasionally, threats to withdraw services entirely. Court battles drag on for months.
The Settlement: Facing unfavourable court rulings and increasingly bad optics, platforms agree to settlements that involve compliance commitments and possibly financial penalties — but almost always with confidential terms.
The Transparency Gap: Civil society groups celebrate the principle but lament the lack of public detail, questioning whether settlements genuinely change behaviour or merely allow platforms to avoid accountability while appearing conciliatory.
What It Means
For platforms, 2025’s settlements represent a recalibration. The era of treating African markets as regulatory wild west — implementing globally banned practices while hiding behind claims of local customisation — appears to be ending. South Africa, Nigeria, and Morocco demonstrated both the will and the capacity to challenge even the most powerful tech companies.
The confidentiality of settlement terms, however, creates a troubling precedent. Without transparency, there’s no way to know if Meta paid Nigeria’s full $32.8 million fine or negotiated it down to a token amount. There’s no public record of what specific commitments WhatsApp made to South Africa beyond vague promises of “enhanced transparency.” Morocco’s Glovo settlement disclosed operational changes but kept the financial penalty secret.
This opacity matters because it affects deterrence. If platforms can settle quietly, paying modest sums while admitting no wrongdoing, the enforcement threat loses much of its power. Other platforms learn they can push boundaries, secure in the knowledge that if caught, they can negotiate behind closed doors.
For African regulators, the challenge now is consolidation. Individual countries demonstrated they can take on tech giants and win — at least in the narrow sense of forcing settlements. But Meta settling with South Africa and Nigeria separately, rather than implementing continent-wide changes, suggests platforms still see African markets as fragmented rather than unified.
The African Commission on Human and Peoples’ Rights’ Resolution 630, adopted in March 2025, calls for continental standards on digital governance. Whether this translates into coordinated regulatory action — rather than 54 separate enforcement regimes that platforms can play off against each other — remains to be seen.
The Bottom Line
The settlements of 2025 established important precedents: African data protection and competition laws have genuine enforcement power. Platforms can’t simply ignore them. Regulators are willing to challenge even the largest tech companies.
But they also revealed limitations: Confidential settlements undermine transparency and accountability. Individual country enforcement remains fragmented. The line between legitimate regulatory action and potential government overreach isn’t always clear.
As Africa’s digital economy grows — projected to reach $180 billion by 2025 and $712 billion by 2050 — these tensions will only intensify. The question isn’t whether platforms will face more regulatory challenges, but whether those challenges will produce genuine reform or merely teach companies to negotiate better settlements.
Meta, for its part, can now claim experience settling with African regulators. Whether that experience leads to better practices or simply better legal strategies remains the open question that will define 2026 and beyond.
This article reflects reporting through November 25, 2025. Settlement terms disclosed publicly were used where available; undisclosed terms are noted as such.
