By John Umeh
The Nigeria Data Protection Commission (NDPC) has imposed a ₦766 million fine on MultiChoice Nigeria, the parent company of DStv and GOtv, for multiple violations of the country’s data protection laws. The penalty comes after a comprehensive investigation revealed that the pay-TV giant breached key provisions of the Nigeria Data Protection Act (NDPA) by failing to adequately protect customer data and obtain proper consent for data processing activities.
Announcing the sanction in Abuja, the NDPC stated that MultiChoice violated the principles of data minimization, purpose limitation, and transparency by collecting excessive personal data without clearly informing users or securing appropriate authorization. The commission also cited inadequate safeguards for protecting sensitive customer information from potential misuse or exposure.
“MultiChoice’s data handling practices were found to be inconsistent with the requirements of lawful processing as stipulated under the NDPA,” said NDPC Commissioner Dr. Vincent Olatunji. “Our goal is not to punish businesses but to enforce accountability and ensure citizens’ rights to privacy are respected in all sectors.”
Investigation Findings
The NDPC’s investigation, which began earlier this year following consumer complaints and internal audits, uncovered that MultiChoice:
-
Collected more data than necessary during user registrations and service sign-ups
-
Failed to provide users with clear, accessible options for managing how their data is used
-
Did not obtain proper consent before deploying data for marketing and analytics
-
Lacked adequate internal controls to prevent unauthorized access or data breaches
These findings, according to the commission, constitute serious breaches of the Data Protection Act, which mandates data processors to be transparent, secure, and legally compliant in the handling of personal information.
MultiChoice Responds
In response, MultiChoice Nigeria issued a brief statement acknowledging receipt of the NDPC’s decision, while promising to review its data protection framework and improve compliance.
“We take the issue of customer data privacy very seriously and are currently engaging with the NDPC to address all identified gaps,” the statement read. “Our team is committed to implementing enhanced data governance controls in line with global best practices.”
However, the company did not indicate whether it plans to appeal the fine.
A Wake-Up Call for Corporations
The ₦766 million fine is the most significant sanction yet imposed by the NDPC since the enactment of Nigeria’s data protection law in 2023. It sends a strong message to corporate organizations operating within Nigeria that data privacy violations will not go unpunished, and that accountability in data processing is no longer optional.
Digital rights advocates have welcomed the move, describing it as a major step forward for consumer protection and privacy in Nigeria.
“This fine is long overdue,” said Ngozi Ajayi, a data privacy expert. “Nigerians have for too long been vulnerable to the abuse of their personal data. This marks a turning point in how companies will treat consumer rights moving forward.”
Looking Ahead
The NDPC has vowed to ramp up enforcement activities across sectors, especially in finance, telecommunications, e-commerce, and entertainment. Organizations are now being urged to conduct mandatory Data Protection Impact Assessments (DPIAs) and appoint Data Protection Officers (DPOs) to ensure continuous compliance.
As for MultiChoice, the ₦766 million fine not only dents its corporate reputation but also underscores a broader reality: in the digital age, consumer data is not just an asset—it is a responsibility.
