In a pivotal week for digital rights and regulation in Europe and Africa, lawmakers, regulators, and tech giants are grappling with the future of privacy, artificial intelligence, and online safety. From Nigeria’s landmark settlement with Meta Platforms Inc. to the Italian Senate’s passage of a sweeping artificial intelligence law, and a heated debate in Brussels over child protection versus privacy, the global digital landscape is being redrawn—one regulation at a time.
On October 8, 2025, EU countries convened in Brussels to determine the fate of a controversial legislative proposal aimed at combating child sexual abuse material online. The plan, first introduced by the European Commission in May 2022, would require online platforms and messaging services to detect and report images and videos of abuse, as well as attempts by predators to contact minors.
Supporters, including multiple child protection groups, argue the measure is overdue. A report by the U.K.-based Internet Watch Foundation found that 62 percent of the world’s identified child sexual abuse material last year was hosted on servers within the EU. Under current rules, platforms only detect such content voluntarily—a system Brussels now sees as inadequate given the scale and speed of the problem. The existing legal framework remains until April 2026, but the new proposal would make detection mandatory.
Yet, the debate is far from settled. Critics, including the EU’s own data protection authorities, lawmakers, and countries such as Germany, warn that the proposal poses a “disproportionate” threat to privacy. The heart of the concern is technology that would scan private conversations—even on encrypted apps like Signal and WhatsApp. “This would spell the end of secrecy of correspondence, which is essential for whistleblowers,” German activist and former EU lawmaker Patrick Breyer told AFP. He fears that such legislation could eventually be exploited by authoritarian regimes to “crack down on political opponents” by monitoring their conversations.
Opposition has been fierce and highly organized. Campaigners have flooded EU officials with messages under the banner "Stop Chat Control," aiming to sway the debate. “I’ve never seen anything like it, on any other file,” one EU diplomat told AFP, noting the thousands of emails arriving each day.
Denmark, which currently holds the rotating EU presidency and drafted the latest version of the proposal, insists that the necessary safeguards are in place. According to Danish officials, only images and links—not text messages—would be subject to scanning, and the system would be activated only after a decision by an independent judicial or administrative authority. “We have to be very clear: under this proposal, there is no general monitoring of online communications. There will be no such thing as ‘chat control’,” European Commission spokesperson Markus Lammert said, emphasizing the goal of protecting children from a growing online threat.
What happens next hinges largely on Germany’s position. If Berlin backs the proposal, it would likely pass under the EU’s qualified majority voting rules, allowing member states to formally adopt the measure at a meeting in Luxembourg next week. If Germany abstains or opposes, negotiators will head back to the drawing board, with no guarantee the law will ever be enacted.
While Europe debates the balance between privacy and protection, Italy has taken a significant step forward in regulating artificial intelligence. On September 23, 2025, the Italian AI Law was signed into law after final approval by the Senate. Set to enter into force on October 10, 2025, the law complements the EU’s Artificial Intelligence Act and establishes a robust national framework for AI governance.
The Italian AI Law designates two key authorities: the Agency for Digital Italy (AgID) as the notifying authority responsible for procedures, notifications, and monitoring; and the National Cybersecurity Agency (ACN) as the market surveillance and enforcement authority. The law authorizes the secondary use of personal data—stripped of direct identifiers—for public interest and not-for-profit scientific research, such as developing AI systems for disease prevention, diagnosis, and treatment. In these cases, transparency obligations can be met by publishing a privacy notice online, and processing can begin 30 days after notifying the Italian data protection authority, barring any blocking measures.
In the workplace, employers must inform workers of the use of any AI systems and provide appropriate training. For minors, parental consent is required for those under 14 to access AI technologies, while those aged 14 to under 18 may consent themselves, provided the information is accessible and clear.
The law also introduces targeted copyright amendments: works created with the aid of AI tools may be protected under copyright law if they result from the author’s intellectual work. Text and data mining of online works and databases using AI is permitted, subject to copyright law and the owner’s right to opt out. Notably, the final version of the law removed a proposed localization requirement for AI system servers used by public bodies, opting instead for a recommendation to prefer data centers located in Italy when choosing suppliers for public procurement platforms. Similarly, a draft provision requiring labeling of AI-generated news was omitted, with general transparency requirements under the EU AI Act applying instead.
The Italian government is also empowered to adopt further measures within twelve months to align with the EU AI Act, assign supervisory and sanctioning powers, define comprehensive rules for data and algorithms, set rules for AI use in policing, and update civil and criminal penalties.
Meanwhile, in Africa, another major development is underway. Meta Platforms Inc., the parent company of Facebook and Instagram, has agreed to pay a $32.8 million settlement to the Nigerian Data Protection Commission (NDPC) after alleged breaches of Nigeria’s Data Protection Act. The settlement, expected to be finalized by the end of October 2025, is one of the most significant enforcement actions on the continent against a global tech giant, according to BBC.
The dispute began in February 2025, when the NDPC fined Meta for a series of data privacy violations: using Nigerian users’ personal data for behavioral advertising without explicit consent, processing personal information of non-users, failing to submit mandatory compliance audits, and unauthorized international data transfers. Initially, Meta contested the fine and the procedures followed by the NDPC, seeking a more collaborative resolution. However, the company ultimately opted for a settlement, signaling a willingness to align with Nigeria’s data protection requirements.
As part of the agreement, Meta must update its privacy policies to meet Nigerian legal standards, conduct localized data protection assessments, ensure explicit user consent before targeted advertising, and enhance transparency around data processing and cross-border transfers. These measures aim to bring Meta into compliance and establish a model framework for other international tech companies operating in Nigeria.
Nigeria’s assertive regulatory stance is part of a broader trend across Africa, where countries like Kenya, South Africa, and Ghana are strengthening data privacy laws to protect citizens from misuse of personal information. The NDPC’s actions reinforce Nigeria’s commitment to digital sovereignty, user protection, and corporate accountability, and experts believe the Meta settlement could set a precedent for similar actions continent-wide.
For Meta, the settlement represents both a financial and operational challenge, requiring restructuring of data practices within Nigeria and ongoing engagement with regulators. Analysts suggest this could prompt other tech companies to prioritize data transparency, local compliance, and user consent mechanisms across their platforms in Africa.
Together, these developments in Europe and Africa signal a new era for digital governance—one where regulatory authorities are asserting their power, global tech companies are being held to account, and the rules of the online world are being rewritten to prioritize privacy, safety, and user rights. The outcome of these cases will shape the future of digital policy and corporate behavior, not just in Nigeria or Italy, but across continents, as the world adapts to the challenges and opportunities of the digital age.
