The Nigeria Data Protection Commission has imposed a fine of N766,242m on Multichoice Nigeria for breaching the Nigeria Data Protection Act, citing violations of subscribers’ privacy rights and the unlawful transfer of citizens’ personal data across borders.
The Head of Legal, Enforcement and Regulations at NDPC, Babatunde Bamigboye, said in a statement that the sanction followed an investigation launched in the second quarter of 2024 after allegations surfaced regarding the company’s intrusive data processing activities.
“The depth of data processing by Multichoice is patently intrusive, unfair, unnecessary and disproportionate. This is a grave affront to the fundamental right to privacy as enshrined in section 37 of the 1999 Constitution of the Federal Republic of Nigeria,” the Nigerian data regulator said.
According to the NDPC, the probe uncovered multiple breaches, including the unauthorised processing of personal data belonging to both subscribers and individuals who were not Multichoice customers.
It also found that the company had been transferring Nigerians’ data abroad without following due process.
The Commission said that it directed Multichoice to implement remedial measures as part of its standard enforcement procedures.
However, the response from the company was deemed “unsatisfactory,” leading to the decision to impose the penalty.
“For want of cooperation, the commission has directed Multichoice to pay N766,242,500 for violating the Nigeria Data Protection Act,” Bamigboye said.
He added that the National Commissioner of NDPC, Dr Vincent Olatunji, has ordered a wider investigation into all Multichoice data collection outlets nationwide. “Any outlet that processes personal data in violation of the NDP Act is liable to a penalty under the Act,” he said.
GIK/APA