The Nigeria Data Protection Commission (NDPC) has issued a landmark fine of ₦766,242,500 (approximately $501,340) against MultiChoice Nigeria for serious violations of the Nigeria Data Protection Act (NDPA). This enforcement action underscores the government’s growing commitment to protecting citizens’ digital rights and enforcing data privacy compliance among major corporations.
What Led to the ₦766 Million Fine?
According to the Nigerian Data Protection Commission (NDPC), MultiChoice Nigeria, the operators of DSTV and GOtv, were found guilty of several serious data violations. These included intrusive data collection practices, unauthorized cross-border transfers of user data, and the processing of personal information belonging to non-subscribers without any legal basis or informed consent. The commission’s investigation, which began in the second quarter of 2024, revealed that MultiChoice had collected and processed data not only from its direct subscribers but also from their contacts and associates, all without appropriate permission or legal justification.
Data Privacy Breaches That Broke the Law
The NDPC identified multiple breaches that violated Nigerian laws. Chief among them was the violation of Section 37 of the Constitution of the Federal Republic of Nigeria, which guarantees every citizen the right to privacy. In addition to this constitutional breach, MultiChoice failed to comply with the requirements of the Nigerian Data Protection Act (NDPA). Perhaps most concerning was the unauthorized transfer of Nigerian citizens’ data to servers outside the country without receiving the necessary approvals. The commission stressed that these actions exposed not only MultiChoice’s subscribers but also unrelated third parties to significant privacy risks, data misuse, and vulnerability to external threats.
MultiChoice’s Inadequate Remedial Measures
Even after being notified of the violations and allowed to make amends, MultiChoice’s remedial efforts fell short of regulatory expectations. The NDPC described the company’s responses as unsatisfactory. As a result, the commission imposed the ₦766 million fine to underscore the seriousness of the breaches and to set a strong example for other data controllers and processors operating in the Nigerian digital space.
What This Means for Nigerian Consumers and Businesses
The fine against MultiChoice Nigeria is currently the largest issued under the NDPA, and its implications are significant. For Nigerian consumers, it is a reassuring sign that data privacy laws are being actively enforced. It encourages confidence in the protection of their data and highlights the growing recognition of their digital rights. It also helps establish more straightforward guidelines around data consent and increases pressure on companies to be more transparent in their data collection and usage policies.
For MultiChoice, the fine comes with far-reaching consequences. The company has been mandated to undergo a full audit of all its data collection and processing channels. This will likely result in a comprehensive overhaul of its data management systems, including how it obtains user consent and stores sensitive information. The company can also expect heightened scrutiny from regulators, not only within Nigeria but potentially in other African markets where it operates.
For the broader business community in Nigeria, this development sets a new precedent in the enforcement of data protection regulations. Companies that process or store customer data must now ensure they are fully compliant with all aspects of the NDPA, particularly regarding cross-border data flows. Non-compliance could result in substantial financial penalties, reputational damage, and even operational restrictions.
MultiChoice’s Other Regulatory Battles
The data privacy fine adds to a growing list of regulatory challenges facing MultiChoice Nigeria. The company has been grappling with a decline in subscriber numbers, mainly due to rising inflation and a slowing economy. It has also conflicted with Nigerian regulatory bodies over repeated increases in subscription fees, which have sparked consumer backlash. Furthermore, the company faces lingering concerns related to its tax obligations and its dominant market position. All of these factors have combined to create a difficult operating environment, with the NDPC’s latest ruling adding another layer of pressure.
The company is yet to release an official statement responding to the NDPC ruling as of press time.
Final Thoughts: A Turning Point for Data Privacy in Nigeria
With this ₦766 million fine, the NDPC has positioned itself as a formidable watchdog in the Nigerian digital ecosystem. The case serves as a reminder that data privacy is no longer optional—it’s a legal obligation backed by serious consequences.
As Nigeria continues to modernize its digital governance frameworks, more companies may face similar sanctions if they fail to prioritize the protection of user data.
and then