The Nigeria Data Protection Commission (NDPC) has imposed a fine of ₦766,242,500 on Multichoice Nigeria for violating key provisions of the Nigeria Data Protection Act (NDPA).
The penalty follows a detailed investigation launched in the second quarter of 2024 after concerns were raised over possible privacy breaches affecting Multichoice subscribers and the unauthorized transfer of personal data across borders.
According to the NDPC, Multichoice was found to have infringed on the data privacy rights of its subscribers — including individuals who were not direct customers of the company. The Commission concluded that the company engaged in unlawful cross-border transfers of personal data, and described its data handling practices as intrusive, disproportionate, and unnecessary.
These actions, the Commission noted, violate Section 37 of Nigeria’s 1999 Constitution, which guarantees the right to privacy. The NDPC emphasized that data sovereignty is critical to Nigeria’s national security, legal integrity, and economic development.
Despite being directed to implement remedial measures, Multichoice’s response was deemed unsatisfactory by the Commission. Consequently, the NDPC has enforced the fine as a regulatory penalty for non-compliance with the NDPA.
In a further directive, NDPC National Commissioner Dr. Vincent Olatunji ordered a comprehensive compliance audit of all Multichoice data collection outlets in Nigeria. Any channel found to be in breach of the Data Protection Act will face additional penalties in line with the law.
This development underscores the NDPC’s commitment to enforcing Nigeria’s data protection laws and holding companies accountable for breaches that compromise citizens’ rights and digital trust.
