Taking a step towards upholding citizens’ digital rights, the Nigeria Data Protection Commission (NDPC) has imposed a fine of ₦766,242,500 on Multichoice Nigeria for contravening the Data Protection Act.
According to the regulatory commission, the fine followed a year-long investigation into alleged violations of subscribers’ privacy, including illegal cross-border transfer of data belonging to Nigerian data subjects.
The commission condemned it as a blatant intrusion into Nigerians’ right to privacy under Section 37 of the Nigerian Constitution. The move demonstrates heightened institutional enthusiasm to protect Nigerians’ data rights amid rising digital consumption and subscription services.
Strengthening legal protections
To counter data privacy violations, Nigeria has enacted a roster of regulations to improve consumer protection in the digital space. One notable initiative is the enforcement of the Nigeria Data Protection Act, which outlines lawful grounds for data processing, such as user consent, legal obligations and contract necessity.
In addition to Data Protection Officers, the act allows for regular Data Protection Impact Assessments (DPIAs), providing clear-cut guidelines for protecting and managing customer information.
This clarity in policy empowers consumers to challenge organisations that misuse their data while ensuring that businesses comply with the guidelines to avoid hefty fines, as in the case of MultiChoice.
Similarly, the NDPC has engaged in capacity building by the different sectors through training data officers from both the private and public sectors on best practices on data protection. Through technical assistance and certification programs in collaboration with local and foreign data protection offices, the commission is building a list of certified professional practitioners who can help institutions devise data compliance mechanisms in their institutions.
These capacity-building measures also involve public education targeted at cultivating an informed populace that can identify breaches and register complaints about data abuse.
In recent years, a crop of local data centres has sprouted to minimise cross-border data transfers, which tend to expose Nigerians to further privacy risks.
Data sovereignty
By incentivising cloud service providers and large organisations to host their servers locally in accordance with the requirements of Nigerian data residency, the NDPC and Ministry of Communications and Digital Economy are increasing the sovereignty of citizens’ data within Nigerian jurisdiction.
This local approach not only enhances data security but also creates jobs in Nigeria’s ICT sector in addition to being compliant with local data privacy laws.
To assist companies in remaining compliant and avoiding fines, several technology firms and legal advisory companies have already begun to provide automated compliance products and audit services.
Companies apply these products to map their data processing activities, design real-time compliance reports, and maintain easy-to-adopt privacy policy templates that may be used within the Nigerian context.
This ecosystem of compliance products empowered by technology enables companies, even small businesses, to avoid costly legal fights and fines while maintaining customer trust in their online offerings.
Finally, civil society groups are stepping in to fill accountability deficits by means of people-focused data protection monitoring and advocacy. Paradigm Initiative and Enough is Enough Nigeria are establishing platforms where data abuse cases can be reported by Nigerians and receive information on how to claim redress, among other efforts at policy advocacy for the strengthening of the enforcement of the Data Protection Act.
These entities also collaborate with media platforms to put in the spotlight success stories on data protection enforcement, building public confidence to report data abuse and encouraging businesses to operate with ethical data means.
The NDPC’s penalty on MultiChoice is an important day in Nigeria’s determination to enforce data privacy and protect citizens’ digital rights. From legislative frameworks to civil-society advocacy, Nigeria is laying the groundwork for a secure and trustworthy digital ecosystem.
Ultimately, these measures safeguard Nigerians from intrusive data practices while reinforcing trust in the country’s growing digital economy, ensuring that no matter how technology continues to evolve, the right to privacy remains protected
The Nigeria Data Protection Commission (NDPC) has fined Multichoice Nigeria ₦766,242,500 for violating the Data Protection Act, reflecting a strong commitment to safeguarding citizens' digital privacy rights. This penalty follows an investigation into illegal data practices such as cross-border data transfers of Nigerian data subjects. The Data Protection Act mandates lawful data handling based on user consent and requires regular assessments to ensure compliance and protect consumer data.
To enhance data privacy, Nigeria has implemented several initiatives, including training data protection officers and promoting public awareness. The NDPC, along with the Ministry of Communications and Digital Economy, is also advocating for local data residency requirements to increase data security and sovereignty. This approach not only secures data but also boosts the ICT job market in Nigeria.
Civil society groups are playing an active role in promoting data privacy, offering platforms for reporting data abuse and advocating for stringent enforcement of data protection laws. The NDPC’s actions against Multichoice underline Nigeria's commitment to enforcing data privacy laws and developing a safe, trustworthy digital ecosystem, ultimately building public trust and ensuring legal compliance in the digital landscape.
