Meta Platforms Inc., the parent company of WhatsApp, Facebook, and Instagram, has formally consented to a directive issued by the Pretoria High Court, obliging the disclosure of user data in connection with a case involving the distribution of explicit content relating to South African schoolchildren. The technology conglomerate, headquartered in the United States, confirmed its commitment to disable identified accounts and furnish the relevant subscriber information within a period of three business days, following mounting legal and public pressure.
This significant legal development emerged from litigation initiated by Emma Sadleir, a leading expert in social media law and the founder of The Digital Law Company, who discovered a coordinated network of over 30 Instagram accounts and at least six WhatsApp channels disseminating unlawful material involving minors. The content, which included both explicit images and private information, was widely circulated before legal intervention curtailed further spread. According to court documents, new accounts were being established at frequent intervals, suggesting a structured and persistent effort to evade platform safeguards.
The court order compels Meta to provide key subscriber data, including names, email addresses, phone numbers, and IP addresses associated with the creation and most recent access of the accounts in question. These disclosures, which Sadleir characterised as “critical to identifying the perpetrators”, aim to support law enforcement investigations and safeguard vulnerable populations online.
Initially, Meta resisted the order, leading to the filing of a contempt of court application by the applicant’s legal team. The company countered that the proceedings had erroneously named the wrong legal entity, resulting in procedural delays. However, the legal risk escalated substantially when a motion was filed that could have led to the imprisonment of Meta’s Southern Africa representative, Thabiso Makenete, for non-compliance.
Faced with the potential for criminal liability and reputational risk, Meta agreed to a settlement on 18 July 2025. As part of the agreement, more than 60 offending accounts have already been deactivated, and the company has pledged to release the required data under conditions of strict confidentiality. Sadleir described the outcome as a groundbreaking development in South African jurisprudence, noting that it may represent the first occasion where a multinational technology firm has formally acceded in writing to a data disclosure order from a South African court.
This case is not without precedent in the country’s evolving relationship with large technology firms. In 2024, South Africa’s Information Regulator raised concerns regarding WhatsApp’s ambiguous privacy terms and unauthorised data sharing practices, citing non-compliance with the Protection of Personal Information Act (POPIA). The current litigation adds further complexity to an already fraught regulatory environment, raising questions about the boundaries between data privacy, corporate accountability, and child protection.
While child welfare advocates have commended the court’s decision as a necessary measure to combat online exploitation, digital rights organisations have voiced concerns about the potential implications for data governance. A spokesperson for the South African Digital Rights Forum cautioned against the possibility of overreach, stating that, “We must ensure that data disclosures do not set a precedent for unchecked surveillance or erosion of privacy safeguards.”
Nonetheless, the resolution of this case is being interpreted by legal analysts as indicative of the growing assertiveness of African courts and regulatory authorities in holding global digital platforms to account. As jurisdictions across the continent grapple with the rapid acceleration of cybercrime and the associated risks to vulnerable populations, this ruling may mark a turning point in the enforcement of digital legal standards.
The agreement between Meta and the Pretoria High Court thus represents more than mere compliance—it signals an evolving dynamic between multinational corporations and sovereign regulatory bodies in the Global South, where the protection of digital rights and public safety must increasingly be balanced within the rule of law.
