The Nigeria Data Protection Commission (NDPC) has initiated a formal investigation into Temu, the global e-commerce platform, over suspected breaches of the nation’s data protection legislation.
The probe, directed by NDPC National Commissioner and CEO Vincent Olatunji, examines the company’s data processing activities. It focuses on potential violations including unlawful online surveillance through personal data processing, lapses in accountability, non-compliance with data minimisation principles, failures in transparency, and deficiencies in managing cross-border data transfers as mandated by the Nigeria Data Protection Act (NDPA).
Preliminary assessments by the Commission indicate Temu processes the personal data of approximately 12.7 million users in Nigeria, while reporting around 70 million daily active users globally. This significant data footprint places it firmly under the NDPC’s jurisdiction.
In a related advisory, the NDPC warned third-party data processors that organisations handling data on behalf of controllers must verify their own compliance with the NDPA. The Commission stated that processors who fail in this duty could incur direct liability under Nigerian law.
This investigation forms part of the NDPC’s statutory mandate to protect the privacy rights of Nigerian citizens and enforce strict adherence to data protection standards by all entities operating within the country. The action follows the full enforcement of the Nigeria Data Protection Act 2023, which succeeded the former data protection framework and introduced stricter compliance obligations.
The Temu inquiry signals the NDPC’s heightened vigilance toward major international digital platforms handling Nigerian users’ data. It follows earlier high-profile investigations by the commission into entities like PlnR and Meta for similar concerns. For Temu, the outcome could necessitate operational adjustments to its data practices in Nigeria, particularly regarding user consent, data storage localisation, and transparency in its data processing policies.
The NDPC has not specified a timeline for the investigation’s completion. The company has been contacted for comment but a public response has not yet been issued. The findings will be determined based on the evidence gathered regarding compliance with the NDPA’s core principles.
