The Nigeria Data Protection Commission has imposed a ₦766.2 million fine on MultiChoice Nigeria for violating the Nigeria Data Protection Act, following findings of intrusive data processing and unauthorized cross-border transfers of Nigerians’ personal data.
In a statement issued Sunday in Abuja, the Head of Legal, Enforcement and Regulations at the NDPC, Mr. Babatunde Bamigboye, disclosed that the sanction came after a comprehensive investigation launched in the second quarter of 2024.
The probe was triggered by concerns over how MultiChoice handles the privacy rights of its subscribers and other individuals linked to them.
“NDPC found, among other things, that MultiChoice violated the data privacy rights of its subscribers and individuals associated with them who are not necessarily subscribers,” Bamigboye said.
“The depth of data processing by MultiChoice is patently intrusive, unfair, unnecessary, and disproportionate. This is a grave affront to the fundamental right to privacy as enshrined in Section 37 of the 1999 Constitution.”
According to the Commission, the probe uncovered that MultiChoice had engaged in the unauthorized cross-border transfer of personal data belonging to Nigerian data subjects—an act which contravenes established data sovereignty protections.
Bamigboye noted that although the NDPC directed MultiChoice to implement appropriate remedial measures as part of its standard remediation process, the company’s response was deemed unsatisfactory.
“For want of cooperation, the commission has directed MultiChoice to pay ₦766,242,500 for violating the Nigeria Data Protection Act,” he said.
The National Commissioner of the NDPC, Dr. Vincent Olatunji, also directed a broader compliance audit across all channels used by MultiChoice to collect personal data from Nigerian citizens.
He warned that “any outlet that processes personal data in violation of the NDPA is liable to a penalty under the Act.”