NDPC Slams MultiChoice with N766m Fine for Data Privacy Breaches

The Nigeria Data Protection Commission (NDPC) has imposed a fine of N766,242,500 on MultiChoice Nigeria for violating the Nigeria Data Protection Act (NDPA).
This was disclosed on Sunday by the Commission’s Head of Legal, Enforcement and Regulations, Babatunde Bamigboye, in a statement issued in Abuja.
According to Bamigboye, the fine followed an investigation launched in the second quarter of 2024 into suspected privacy breaches affecting MultiChoice subscribers and the unlawful transfer of Nigerians’ personal data across borders.
“NDPC found that MultiChoice violated the privacy rights of its subscribers and even individuals associated with them who are not necessarily subscribers,” Bamigboye stated.
The Commission also revealed that MultiChoice engaged in illegal cross-border transfers of personal data belonging to Nigerian citizens.
“The extent of data processing by MultiChoice was found to be intrusive, unfair, unnecessary, and disproportionate — posing a serious threat to the fundamental right to privacy guaranteed under Section 37 of the 1999 Constitution,” he added.
Bamigboye further explained that Nigeria has both the right and obligation to protect its citizens and ensure data sovereignty in line with national laws and international standards, given the implications for national security, economic growth, and the rule of law.
During the course of the investigation, the NDPC directed MultiChoice to implement remedial measures in line with the NDPA’s standard procedures. However, the Commission found the measures taken by the company to be unsatisfactory.
“As a result, MultiChoice has been directed to pay the sum of N766,242,500 for breaching the Nigeria Data Protection Act,” Bamigboye said.
The National Commissioner of NDPC, Dr. Vincent Olatunji, also ordered that all platforms and channels through which MultiChoice collects personal data from Nigerian citizens be subjected to further investigations for compliance with the NDPA.
Olatunji stressed that any entity found to be processing personal data in violation of the law would face appropriate penalties.
The NDPC serves as Nigeria’s regulatory authority on data protection, with a mandate to enforce lawful data processing practices, including ensuring consent, legal obligation, or contractual necessity as the basis for collecting personal information.
(NAN)





