THE Nigeria Data Protection Commission (NDPC) has fined Multichoice Nigeria the sum of ₦766,242,500 for allegedly violating the Nigeria Data Protection Act (NDP Act).
The sanction follows an investigation initiated in the second quarter of 2024 over suspected breaches of subscribers’ privacy rights and unlawful cross-border transfer of personal data.
Multichoice Nigeria was accused of engaging in invasive data processing practices that targeted both its subscribers and individuals who were not direct customers of the company.
In a statement issued by the Head of Legal, Enforcement and Regulations at the Commission, Babatunde Bamigboye, the NDPC found that the company’s actions amounted to a serious violation of the constitutional right to privacy.
“The depth of data processing by Multichoice is patently intrusive, unfair, unnecessary and disproportionate,” the statement read.
It added that, “Multichoice violated the data privacy rights of subscribers and their friends who are not necessarily subscribers,” while also stating that the company “carries out illegal cross-border transfer of personal data relating to data subjects in Nigeria.”
The Commission noted that the investigation, carried out under the supervision of National Commissioner, Vincent Olatunji, also assessed the company’s response to an earlier directive to implement corrective measures.
“The Commission found the measures undertaken by Multichoice in this regard unsatisfactory. For want of cooperation, the Commission has directed Multichoice to pay ₦766,242,500 for violating the Nigeria Data Protection Act,” the statement added.
It emphasized the significance of data sovereignty, warning of broader implications for national security, economic stability, and the rule of law.
“Nigeria is entitled to protect her citizens, and data sovereignty under both international and extant municipal laws — as these have far-reaching implication for rule of law, national security and economic growth.”
Olatunji has now ordered a broader investigation into all platforms and outlets through which Multichoice collects personal data from Nigerian citizens.
“All outlets through which Multichoice is collecting personal data of Nigerian citizens should be investigated for non-compliance. Any outlet that processes personal data in violation of the NDP Act is liable to penalty under the Act,” the Commission warned.
The ICIR reported three Nigerian regulatory bodies jointly imposed fines exceeding $290 million (£218 million) on the U.S.-based tech giant, Meta last year accusing it of breaching various laws and guidelines.
The penalties levied on Meta include a $220 million fine from the Federal Competition and Consumer Protection Commission (FCCPC) for alleged anti-competitive behavior; a $37.5 million fine from Nigeria’s advertising regulator for running unauthorized adverts; and a $32.8 million fine from the Nigeria Data Protection Commission (NDPC) for alleged violations of data privacy laws.
Nurudeen Akewushola is an investigative reporter and fact-checker with The ICIR. He believes courageous in-depth investigative reporting is the key to social justice, accountability and good governance in society. You can reach him via nyahaya@icirnigeria.org and @NurudeenAkewus1 on Twitter.