The Nigeria Data Protection Commission (NDPC) has fined MultiChoice Nigeria Limited ₦766,242,500 for multiple violations of the Nigeria Data Protection Act (2023).
According to a statement by the NDPC, the fine follows an investigation into the company’s handling of user data, particularly through its DStv and GOtv platforms. The Commission found that MultiChoice violated several provisions of the Data Protection Act by processing personal data without valid consent and transferring data outside Nigeria without proper safeguards.
Violations Highlighted by the NDPC
The NDPC stated that MultiChoice engaged in “intrusive, disproportionate, and unfair data processing” of subscribers and even their contacts. These actions were in breach of Section 37 of the Nigerian Constitution, which guarantees the right to privacy, and various sections of the Nigeria Data Protection Act.
The investigation also revealed that MultiChoice failed to provide an adequate basis for the cross-border transfer of personal data and had not responded satisfactorily to earlier compliance directives issued by the Commission.
READ ALSO: DStv Decoders Now 50% Cheaper as MultiChoice Slashes Prices to Woo
Enforcement and Compliance Measures
The fine was imposed after MultiChoice failed to implement the necessary corrective actions recommended by the NDPC. The Commission noted that it had made “reasonable efforts” to obtain cooperation and ensure compliance, but the company’s responses were “largely ignored.”
In addition to the fine, the NDPC has ordered MultiChoice to submit to a comprehensive compliance audit across all its platforms operating in Nigeria. The Commission warned that further violations could lead to additional penalties.
NDPC’s Warning to Other Data Controllers
Dr Vincent Olatunji, the National Commissioner and CEO of the NDPC, said the decision to fine MultiChoice reflects the Commission’s commitment to enforcing the country’s data protection laws.
“This action serves as a clear message to all data controllers and processors operating in Nigeria that violations of citizens’ privacy rights will not be tolerated,” he said.
The NDPC urged other organizations to regularly audit their data handling practices and ensure compliance with the Nigeria Data Protection Act to avoid similar penalties.
About the NDPC:
The Nigerian Data Protection Commission is the national regulator responsible for enforcing data protection and privacy standards in Nigeria. Established under the Nigeria Data Protection Act (2023), the Commission ensures that personal data is collected, processed, and stored responsibly and legally.
