Nigeria’s Data Protection Commission has issued a ₦766 million (~$501,000 USD) fine against MultiChoice Nigeria, the continent’s largest pay-television provider, marking a significant enforcement action in Africa’s evolving privacy regulatory environment.
The July 7, 2025 penalty follows an investigation that found MultiChoice engaged in “intrusive, unfair, and unnecessary” processing of subscriber personal data, along with unlawful cross-border data transfers. The company had previously received warnings to improve its data handling practices but failed to implement adequate changes.
This enforcement action represents one of the largest data protection penalties issued by an African regulatory authority and demonstrates the increasing sophistication of privacy enforcement outside traditional Western jurisdictions. Nigeria’s Data Protection Commission has shown it will pursue substantial financial penalties for non-compliance, similar to actions taken by European and North American regulators.
The case highlights the global nature of data protection compliance requirements. Companies operating internationally—including email marketing platforms, customer engagement tools, and digital advertising services—must now account for regulatory frameworks across multiple continents, not just established privacy regimes like GDPR or California’s CCPA.
For email marketers and customer data platforms, the MultiChoice penalty serves as a reminder that privacy compliance extends beyond familiar regulatory territories. Organizations processing personal data from African users must evaluate local data protection requirements, including consent mechanisms, data transfer restrictions, and subscriber rights management.
Nigeria’s action follows similar enforcement trends in other emerging markets, suggesting that privacy regulation is becoming a global standard rather than a regional requirement. Companies that treat non-Western privacy laws as secondary concerns may face similar financial consequences as regulatory authorities worldwide demonstrate their enforcement capabilities.
The penalty amount, while modest compared to some European GDPR fines, represents significant enforcement action relative to Nigeria’s economic context and establishes precedent for future privacy violations in the region.
