NDPC Imposes ?766M Fine on MultiChoice for Unauthorized Cross-Border Data Transfers, Breaching Nigerians’ Privacy Rights

Core Facts

• The Nigeria Data Protection Commission (NDPC) has fined MultiChoice Nigeria ?766,242,500 (~$830,000) for violating the provisions of the Nigeria Data Protection Act (NDPA).
• The sanctions stem from a year-long investigation into suspected misuse of subscriber data and illegal cross-border transfers of personal data.

Violations Uncovered

1.     Unauthorized Data Processing
NDPC found that MultiChoice not only processed subscriber data without consent but also handled personal information of non-subscribers—such as friends and family—without legal justification.

2.     Illegal Cross-Border Transfers
The company unlawfully transferred Nigerian citizens’ data abroad without proper safeguards or consent—a clear violation of Sections 37 of the 1999 Constitution and the NDPA.

3.     Depth & Proportionality of Data Usage
NDPC described MultiChoice’s data practices as “intrusive, unfair, unnecessary, and disproportionate,” undermining Nigerians’ fundamental right to privacy.

Regulatory Response & Penalty

• Despite NDPC’s issuance of remedial directives during the investigation, MultiChoice’s responses were found inadequate and met with limited cooperation.
• As a result, the Commission imposed the full ?766 million fine and mandated ongoing compliance checks.
• Furthermore, NDPC’s National Commissioner, Dr. Vincent Olatunji, ordered an expanded audit of all MultiChoice platforms collecting Nigerian data, warning that further violations will result in additional penalties.

Broader Implications

• Affirmation of Data Sovereignty: The fine reinforces Nigeria’s commitment to protecting citizens' data domestically and internationally.
• Warning to Corporates: This enforcement signals to multinational and local companies the importance of stringent data governance, particularly regarding cross-border data flows.
• Public Service Precedent: The move aligns with global regulatory trends—fines like these echo actions by EU regulators under GDPR or Nigeria’s earlier fines on social platforms like Meta.

Next Steps for MultiChoice

• Mandatory Compliance Upgrade: MultiChoice must now implement robust data protocols, ensure proper consent mechanisms, and employ adequate measures for cross-border data transfers.
• Platform-Wide Audits: The NDPC will scrutinize every MultiChoice data collection channel—from DStv and GOtv subscriptions to digital platforms like Showmax—to ensure full NDPA compliance.
• Risk of Further Penalties: Any future non-compliance may result in additional fines or legal action, putting pressure on MultiChoice’s leadership to act swiftly.

Bottom Line

This ?766 million fine underscores the Nigerian government's firm stance on data protection. MultiChoice now faces a critical period of reform—not just in penalty payment, but in overhauling how it collects, processes, and secures user data. The outcome will set a precedent for how consumer privacy is respected in Nigeria's growing digital ecosystem.