Multichoice fine: How privacy violation happens — and how illegal cross-border data transfers puts you at risk

Your data could be crossing borders without your permission. Here’s how privacy rights are violated in the digital age.
Every day, millions of Nigerians hand over personal information to digital platforms—when subscribing to TV services, downloading apps, shopping online, or simply browsing the internet. What many don’t realise is that this information can travel far beyond Nigeria’s borders, often without their knowledge or consent. This silent practice, known as unauthorised cross-border data transfer, is one of the most serious ways companies violate your privacy rights.
The recent ₦766 million fine imposed on Multichoice Nigeria by the Nigeria Data Protection Commission (NDPC) has drawn public attention to this issue. At the heart of the case was a troubling revelation: personal data from Nigerian subscribers was processed and sent across borders without meeting legal safeguards. But how exactly does this happen? Why is it dangerous? And what does the law say about it?
This report breaks down how violations of subscribers’ privacy occur—especially through cross-border data transfers—and why protecting your personal data is more important than ever.
What does subscriber data really mean?
Every time you subscribe to a service—whether it’s DStv, GOtv, a mobile app, or an online store—you provide personal information like:
-
Your name
-
Phone number and email
-
Location
-
Payment details
-
Viewing or usage patterns
-
Preferences and interests
This is called subscriber data, and companies use it to:
-
Create user profiles
-
Offer personalized recommendations
-
Process payments
-
Communicate with customers
-
Improve services or run ads
While this may seem harmless, how companies collect, store, and share this data can become a serious threat when not properly regulated.
READ ALSO
Multichoice’s N766m fine: What is data privacy violation and how does it affect you?
What happens to Multichoice Nigeria after N766m fine and how the legal process works
Nigeria Data Protection Act, 2023: What it means and how Multichoice violated it
How privacy violations occur in the digital ecosystem
There are several ways companies violate your privacy rights—often without you even knowing. These include:
1. Collecting your data without consent
If a company gathers your information before you’ve agreed to its terms or policies, it’s a violation. This is particularly troubling when they collect data from non-subscribers, as Multichoice Nigeria was accused of doing.
2. Exceeding the purpose of collection
If you sign up just to watch TV, but the company uses your data to push unrelated advertisements, share it with third parties, or create detailed behavioural profiles, it has gone beyond what you agreed to.
3. Failing to protect your data from leaks or cyberattacks
If the data is stored carelessly and ends up in the wrong hands, the company is liable for the breach.
4. Selling or sharing your data with advertisers or other businesses
Even if your name isn’t directly attached, data can be shared in bulk, allowing third parties to target you for commercial or political gain.
5. Transferring your data across borders without your consent
This is one of the most serious—and hidden—violations, and it’s where many Nigerians are unknowingly exposed.
What is cross-border data transfer—and why is it risky?
Cross-border data transfer means sending or storing your personal information in another country. This usually happens when:
-
A company’s servers are located abroad
-
They partner with foreign tech companies for analytics or storage
-
They use global cloud platforms like AWS, Google Cloud, or Microsoft Azure
While this can help companies run faster and cheaper services, it becomes a problem when:
-
You are not informed or asked for consent
-
The destination country has weak data protection laws
-
There are no safeguards in place to secure your data
-
Your information could be accessed by foreign governments or bad actors
In simple terms, your private data—collected in Nigeria—could end up on a server in another country where your Nigerian legal rights no longer apply.
What the Nigeria Data Protection Act says about cross-border transfers
The Nigeria Data Protection Act, 2023 allows cross-border data transfers only under strict conditions. These include:
-
The receiving country must have comparable data protection laws
-
The company must put in place binding safeguards (like encryption, contracts, or audits)
-
The individual (you) must be fully informed and give clear consent
-
The transfer must be necessary for specific legal or contractual reasons
If any of these conditions are missing, the transfer is considered unlawful.
Multichoice Nigeria was found to have violated this rule—moving subscribers’ data across borders without meeting these requirements. This was one of the reasons behind the ₦766 million fine.
How these violations affect you
Violations of data privacy—especially through unauthorized international transfers—can:
-
Expose you to scams and fraud if your data is accessed by cybercriminals
-
Allow foreign companies or governments to build digital profiles on you
-
Undermine your legal rights, as your data is now governed by another country’s weaker laws
-
Enable aggressive and unsolicited advertising, tracking, or political manipulation
-
Make it impossible for you to request deletion, access, or correction of your data once it’s gone abroad
Most people are unaware that simply subscribing to a service could mean their personal details are being stored or processed in another part of the world—without their knowledge.
What needs to change
To prevent future violations:
-
Companies must be transparent about where they store and process user data
-
They must obtain meaningful consent—not just vague checkbox agreements
-
Regulators must regularly audit cross-border transfers and impose consequences for non-compliance
-
Nigerians must be informed of their rights under the Data Protection Act and report any suspicious or intrusive practices
Data shouldn’t cross borders without your knowledge
The unlawful transfer of personal data is more than a technical issue—it’s a breach of trust and a threat to national digital sovereignty. The fine against Multichoice Nigeria shows that regulators are beginning to take these violations seriously.
But for lasting change, Nigerians must understand the value of their data, demand transparency, and support stronger enforcement. Your personal information should be treated with the same care and respect as your physical identity—because in the digital world, data is you.
READ ALSO
Blow for Multichoice, win for Nigerians… making sense of NDPC’s N766m fine
Multichoice slammed with N766m fine, reason, other details emerge
Why MultiChoice sold SuperSport United and what it reveals about Africa’s Pay-TV crisis
Minister promises lower DSTV prices after high-stakes meeting with MultiChoice
DStv sports-only subscription: A game-changer for African football fans?
10 things MultiChoice can do amid rising subscriber loss
MultiChoice history: From Pay‑TV pioneer to facing digital disruption
MultiChoice cuts DStv decoder price by 50% to attract subscribers
MultiChoice 50% price cuts: Has Satellite TV era come to an end?
John Ugbe, other top MultiChoice executives set to be arraigned, see reason
From over N15k to N12k — how MultiChoice reversed DStv, Gotv prices after backlash
Full list: Multichoice increases DStv, GOtv subscription prices… see new rates
“Why I haven’t renew my DStv subscription since May 2024 — Lagos resident speaks
MultiChoice in crisis: Price cuts, subscriber exodus, and the battle for relevance
MultiChoice, MTN Group… top 10 African businesses owned by South Africans
MultiChoice price cuts: What it means for Nigerian subscribers and the future of pay TV
Explainer: Why MultiChoice keeps increasing DStv and GOtv prices in Nigeria