Nigeria Data Protection Commission (NDPC) has launched an immediate investigation into the data processing activities of popular e-commerce platform Temu, amid allegations of violating key provisions of the Nigeria Data Protection (NDP) Act.
Temu
Dr Vincent Olatunji, National Commissioner/CEO of NDPC, personally directed the probe following mounting concerns over Temu’s handling of personal data, including issues of online surveillance, accountability deficits, failure to uphold data minimisation principles, lack of transparency, inadequate duty of care, and questionable cross-border data transfers.
Preliminary inquiries by the commission reveal that Temu, a fast-growing global online marketplace, processes personal information belonging to approximately 12.7 million data subjects within Nigeria alone, while boasting 70 million daily active users worldwide. These figures underscore the platform’s massive reach and the potential scale of any non-compliance with local data laws.
In a stern public advisory, Dr Olatunji warned data processors engaging in activities on behalf of controllers to rigorously verify their partners’ adherence to the NDP Act, stressing that failure to do so could expose them to direct liability under the legislation.
The investigation was formally announced by Babatunde Bamigboye Esq., CDPRP, NDPC’s Head of Legal, Enforcement and Regulations, who emphasised the commission’s commitment to safeguarding Nigerians’ privacy rights in the digital age.
This action fits into NDPC’s broader enforcement drive against data mishandling in Nigeria’s booming tech sector. Just last year, the commission probed over 1,369 firms for similar infractions and launched sector-wide audits targeting fintechs and other high-risk processors. Earlier cases included investigations into the National Identity Management Commission (NIMC) over alleged privacy lapses and Optasia for data rights violations.
Experts view the Temu probe as a signal of heightened regulatory vigilance, particularly for foreign platforms tapping into Nigeria’s vast consumer base without full alignment to local laws. “Cross-border transfers without safeguards pose real risks to data sovereignty,” noted one digital rights advocate, speaking anonymously.
For millions of Nigerian shoppers drawn to Temu’s bargain deals, the development raises urgent questions about the security of their personal details, from payment information to browsing habits. NDPC urged affected users to monitor official channels for updates and report suspicious activities.
As the investigation unfolds, processors across the e-commerce ecosystem are bracing for potential audits, with non-compliant entities facing fines, operational curbs, or forced data localisation under the NDP Act.
NDPC reaffirmed its mandate to enforce compliance, promising swift action to protect citizens in an era of pervasive data-driven commerce.
