The Nigeria Data Protection Commission (NDPC) has imposed an administrative fine of N766,242,500 (Seven Hundred and Sixty-Six Million, Two Hundred and Forty-Two Thousand, Five Hundred Naira) on Multichoice Nigeria for breaches of the Nigeria Data Protection Act (NDP Act).
The investigation, which began in the second quarter of 2024, was triggered by reports of suspected violations of subscribers’ privacy rights and unlawful cross-border transfers of Nigerians’ personal data. The NDPC found that Multichoice had infringed on the privacy rights not only of its subscribers but also of their contacts who were not necessarily subscribers themselves.
Also, the Commission said that Multichoice engaged in illegal cross-border transfers of personal data relating to Nigerian data subjects.
It described the scope of the company’s data processing as “patently intrusive, unfair, unnecessary, and disproportionate, constituting a grave violation of the fundamental right to privacy as guaranteed under Section 37 of the 1999 Constitution of the Federal Republic of Nigeria”.
The Commission emphasized that Nigeria has both the right and the duty to protect its citizens’ data and uphold data sovereignty under international and domestic laws. These protections are vital for maintaining the rule of law, safeguarding national security, and supporting sustainable economic growth.
As part of its standard remediation procedure, the Commission directed Multichoice to implement appropriate remedial measures. However, it found the measures undertaken by Multichoice unsatisfactory. Due to this lack of cooperation, the NDPC has imposed the administrative fine of N766,242,500 for violations of the NDP Act.
In light of these findings, the NDPC National Commissioner, Dr. Vincent Olatunji, has ordered an investigation into all outlets through which Multichoice collects the personal data of Nigerian citizens. Any outlet found processing personal data in violation of the NDP Act will be subject to penalties under the law.
