By The Nigerian Data Protection Commission (NDPC) has imposed a ₦766,242,500 fine on Multichoice Nigeria, citing violations of the Nigerian Data Protection Act (NDPA). The penalty follows an investigation into alleged breaches of privacy rights involving subscriber data and illegal cross-border data transfers.
RELATED: NDPC probes MTN’s MoMo PSB over privacy breach
This enforcement action underscores Nigeria’s rising commitment to safeguarding digital rights and ensuring corporate compliance with local data privacy laws.
Illegal Data Processing and Cross-Border Transfers Uncovered
The NDPC’s investigation, which began in Q2 2024, revealed that Multichoice:
- Violated the privacy rights of both subscribers and their contacts, some of whom are not customers.
- Conducted illegal cross-border transfers of Nigerian citizens’ personal data.
- Engaged in intrusive and disproportionate data processing, deemed unnecessary and unfair.
Mr. Babatunde Bamigboye, NDPC’s Head of Legal, Enforcement & Regulations, noted that Multichoice’s data handling practices are a “grave affront” to the fundamental right to privacy under Section 37 of Nigeria’s 1999 Constitution.
Non-Cooperation Leads to Maximum Fine
The NDPC initially directed Multichoice to take corrective measures, but later found the company’s response unsatisfactory and uncooperative. Consequently, it levied the ₦766 million fine under the NDPA framework.
“Nigeria is entitled to protect her citizens and ensure data sovereignty under local and international laws. These violations have serious implications for national security, the rule of law, and economic growth,” the NDPC stated.
Additionally, NDPC’s National Commissioner, Dr. Vincent Olatunji, has ordered a compliance audit of all outlets through which Multichoice collects Nigerian data. Any entity found non-compliant risks further sanctions under the Act.
NDPC’s Intensified Enforcement Strategy Since 2024
The sanction against Multichoice is part of a broader enforcement campaign by the NDPC to uphold data protection standards across corporate Nigeria. Since 2024, the commission has:
- Investigated Meta (Facebook) and other social media and fintech firms over data protection breaches.
- Launched a probe into MTN’s MoMo PSB over alleged data privacy lapses.
- Investigated unauthorized access to the NIMC database.
- Fined Fidelity Bank Plc ₦555.8 million for data infractions.
- Opened an investigation into Optasia (Nairtime Nigeria Ltd) for questionable data practices.
- Probed Guaranty Trust Bank (GTBank) following complaints from a group known as GIC.
“Adherence to privacy regulations is essential for sustainable industry growth and public trust,” said Dr. Olatunji at the launch of the enforcement drive.
Conclusion: A Warning Signal for Corporate Nigeria
This landmark fine against Multichoice sends a strong signal to all data controllers and processors operating in Nigeria. With the NDPC ramping up audits, investigations, and penalties, companies must now prioritize data protection compliance or face severe legal and financial consequences.
