Nigeria’s data privacy regulator has launched an investigation into fast-growing e-commerce platform Nigeria Data Protection Commission (NDPC) over alleged violations of the country’s data protection laws.
The commission confirmed that it has opened a formal probe into Temu, following concerns about how the platform collects, processes, and transfers personal data belonging to Nigerian users.
According to the NDPC, the investigation was prompted by concerns that Temu’s data processing practices may not fully align with the provisions of the Nigeria Data Protection Act (NDPA).
The commission is reportedly examining the scale and nature of personal data collection from Nigerian users, including whether the company complies with data minimisation principles and whether it maintains transparency in how user data is processed. Regulators are also reviewing issues surrounding cross-border data transfers and whether appropriate legal safeguards are in place, as well as the platform’s overall accountability and duty of care obligations under Nigerian law.
At the centre of the probe is the question of whether Temu collects more personal data than is necessary for its services and whether users are adequately informed about how their data is being used.
Preliminary reports suggest that Temu processes the personal data of approximately 12.7 million Nigerian users. If confirmed, that would make the case one of the most significant data protection investigations in Nigeria’s digital economy so far.
The scale of the platform’s operations has raised broader questions about how foreign-linked digital marketplaces comply with Nigerian regulatory frameworks, particularly in areas concerning privacy standards and cross-border data handling.
The NDPC’s National Commissioner and Chief Executive Officer, Vincent Olatunji, has consistently maintained that data controllers and processors operating in Nigeria must strictly comply with the NDPA.
Under the law, organisations found in violation of data protection requirements may face administrative penalties, regulatory sanctions, corrective compliance directives, and potential financial fines. The commission has also emphasized that third-party data processors are not exempt from liability and must independently verify compliance.
Since the enactment of the NDPA in 2023, authorities have signaled a more proactive enforcement approach aimed at protecting citizens’ personal data.
As e-commerce adoption grows across Nigeria, scrutiny of how tech platforms manage user data is expected to intensify. The outcome of the Temu investigation could set an important precedent for other multinational digital companies operating in the country.
For now, the NDPC says the investigation is ongoing. Temu has yet to issue a detailed public response regarding the allegations.
We will continue to monitor developments and provide updates as more information becomes available.