Nigeria Slaps MultiChoice with a ₦766 Million Fine Over Data Privacy Breaches

Africa (Commonwealth Union) _ The Nigeria Data Protection Commission (NDPC) fined MultiChoice Nigeria ₦766,242,500 for violating the Nigeria Data Protection Act (NDPA) in a historic ruling that reflects Nigeria’s increasing determination to enforce data protection laws.The Commission made this public through the Head of Legal, Enforcement, and Regulations, Babatunde Bamigboye, in a statement issued on Sunday in Abuja. The fine is a result of a 2024 second-quarter inquiry into suspected invasions of privacy and unlawful cross-border transfer of personal data.The NDPC determined that MultiChoice, the pay-TV giant whose brands include DStv and GOtv, had violated the privacy rights of both their subscribers and affiliated persons. Perhaps one of the most egregious infractions was the illegal cross-border exportation of personal information of Nigerians, which the Commission labeled “patently intrusive, unfair, unnecessary, and disproportionate.”.This was a gross infringement of the fundamental right to privacy, as enshrined in Section 37 of the 1999 Constitution of the Federal Republic of Nigeria,” Mr Bamigboye said. He indicated that data protection was not mere regulatory nicety but a matter of national sovereignty, rule of law, and economic security.The NDPC, backed by the NDPA, is Nigeria’s data protection regulator, and it requires data processors to act on a lawful basis like consent, legal obligation, or contractual necessity.The investigation requested MultiChoice to take remedial actions in accordance with best regulatory practice. The Commission found the company’s response unsatisfactory and reported a lack of cooperation. For this reason, the substantial fine was levied.NDPC National Commissioner Dr. Vincent Olatunji also directed that all outlets of data collection utilized by MultiChoice are to be checked for compliance with the NDPA. “Any outlet that processes personal data in a manner contrary to the Act will be penalised,” he warned.The ruling heralds a new era for Nigeria‘s digital regulatory enforcement, with the NDPC setting a clear precedent that data privacy violations will henceforth not be condoned irrespective of the status of the entity.As Africa’s largest economy goes increasingly digital, the case can serve as a warning to other companies that handle huge amounts of consumer data within Nigerian territory.