July 7, 2025

The Nigeria Data Protection Commission (NDPC) has fined Multichoice Nigeria the sum of N766,242,500 (Seven-Hundred-and-Sixty-Six-Million-Two-Hundred-and- Forty-Two-Thousand-Five-Hundred naira) for violating the Nigeria Data Protection Act (NDP Act).

In a statement signed by Babatunde Bamigboye Head, Legal, Enforcement and Regulations of the Agency, the investigation which commenced in the second quarter of 2024 was triggered by suspected breach of privacy rights of Multichoice subscribers and illegal cross-border transfer of personal data of Nigerians.

NDPC found, among others, that Multichoice violated the data privacy rights of subscribers and their friends who are not necessarily subscribers.

The Commission also found that Multichoice carries out illegal cross-border transfer of personal data relating to data subjects in Nigeria.

The depth of data processing by Multichoice is patently intrusive, unfair, unnecessary and disproportionate. This is a grave affront to fundamental right to privacy as enshrined in section 37 of the 1999 Constitution of the Federal Republic of Nigeria.

Nigeria is entitled to protect her citizens, and data sovereignty under both international and extant municipal laws – as these have far-reaching implication for rule of law, national security and economic growth.

In line with its standard remediation procedure, the Commission directed Multichoice to carry out appropriate remedial measures. However, the Commission found the measures undertaken by Multichoice in this regard unsatisfactory.

For want of cooperation, the Commission has directed Multichoice to pay N766,242,500 for violating the Nigeria Data Protection Act.

In view of the foregoing, NDPC National Commissioner, Dr. Vincent Olatunji, has directed that all outlets through which Multichoice is collecting personal data of Nigerian citizens should be investigated for non-compliance.

Any outlet that processes personal data in violation of the NDP Act is liable to penalty under the Act.