HomeFeaturesNigeria Probes Temu Over User Data Protection Violation

Nigeria Probes Temu Over User Data Protection Violation

Listen to article

Nigeria’s data protection regulator has launched a formal investigation into Chinese e-commerce platform Temu, alleging that the company may have violated the Nigeria Data Protection Act through the unlawful handling of personal information belonging to approximately 12.7 million Nigerian users.

The National Data Protection Commission’s National Commissioner and Chief Executive Officer, Vincent Olatunji, ordered an immediate probe into the company’s data processing practices following concerns that they may contravene provisions of the Nigeria Data Protection Act. The investigation was announced Monday in a statement issued by the commission’s Head of Legal, Enforcement and Regulations, Babatunde Bamigboye. The NDPC’s concerns centre on several key issues. It is investigating whether Temu is conducting online surveillance through the personal data it collects, whether it is being transparent about how it uses that data, and whether it is transferring Nigerian user information to servers outside the country without proper safeguards. The commission is also investigating whether Temu is collecting more data than necessary to run its business.

Based on early findings,it has been discovered that Temu processes personal information of approximately 12.7 million data subjects in Nigeria, alongside about 70 million daily active users globally, making its Nigerian operation a significant data processing enterprise within the jurisdiction of the NDPC.

The investigation’s scope is broad. In a statement issued on Monday, the NDPC said the investigation was prompted by concerns regarding online surveillance through personal data processing, accountability, data minimisation, transparency, duty of care, and cross-border data transfers. Each category carries distinct legal weight under the Nigeria Data Protection Act 2023, which came into force to provide a comprehensive framework governing how organizations collect, process, store, and transfer personal information belonging to Nigerians.

The investigation also covers accountability and duty of care, which essentially means Temu needs to prove it’s taking user privacy seriously and has systems in place to protect the data it collects. Cross-border data transfers occupy a particularly sensitive position in Nigerian law, which requires that personal data leaving the country be subject to equivalent or greater protections than those mandated domestically.

Temu entered the Nigerian market in late 2024, which was followed by an aggressive advertising and promotional campaign across social media platforms and mobile app stores that rapidly built a large user base. The platform, which is owned by Chinese technology conglomerate PDD Holdings, sells a wide range of consumer goods at heavily discounted prices, competing directly with established e-commerce players in the market. Nigeria’s large and youthful population, growing smartphone usage, and expanding e-commerce sector made the country attractive for Temu’s growth strategy, as the company aimed to challenge existing players by offering low-priced goods and flooding the market with targeted advertising.

Read Also: Elon Musk Summoned As France Probes X, Grok AI

The commission also moved to extend the investigation’s reach beyond Temu itself. The NDPC warned data processors, companies that handle personal information for other businesses, that they can be held responsible if they work with platforms that do not follow Nigerian privacy law. This is a clear warning for local delivery companies, payment companies, and other businesses that might be helping Temu operate in Nigeria. If those processors did not check that Temu follows data protection rules before working with them, they could also face consequences.

Temu is not the first foreign company to come under the scrutiny of the NDPC in recent times. The commission recently fined MultiChoice the sum of 766.24 million naira for violating data privacy laws and processing data of Nigerian subscribers and even non-subscribers. The NDPC found MultiChoice’s actions intrusive and disproportionate and deemed its remedial steps unsatisfactory, ordering a compliance audit of all its data collection channels in Nigeria. This action fits into the NDPC’s broader enforcement drive against data mishandling in Nigeria’s booming technology sector. Last year, the commission probed over 1,369 firms for similar infractions and launched sector-wide audits targeting fintechs and other high-risk processors. Earlier cases included investigations into the National Identity Management Commission over alleged privacy lapses and Optasia for data rights violations.

Read Also: EU Sternly Threatens Meta Over WhatsApp AI Restrictions

Temu launched in the United States in September 2022 and expanded to more than 90 markets globally by 2025, becoming the most downloaded app in the United States in 2024. Its rapid growth has attracted regulatory scrutiny in multiple jurisdictions. South Africa’s National Consumer Commission launched a parallel investigation into the platform over compliance with the Consumer Protection Act, examining some of the same categories of concern that have prompted the Nigerian inquiry. European regulators have similarly flagged concerns about data handling practices at Chinese-owned digital platforms operating within their jurisdictions.

The Nigeria Data Protection Act 2023 grants the NDPC authority to impose sanctions including fines, operational restrictions, and orders requiring data deletion or localization. The commission has not publicly specified which remedies it may seek against Temu or what penalties could apply if violations are confirmed. No timeline for concluding the investigation was disclosed.

Temu had not publicly responded to the commission’s announcement as of Tuesday morning. The company’s Nigerian operations and customer service channels were not immediately available for comment.

The NDPC reaffirmed its mandate to enforce compliance and promised swift action to protect citizens in an era of pervasive data-driven commerce. Olatunji urged Nigerian consumers to monitor official NDPC channels for updates and to report suspicious data-related activities through the commission’s established complaints processes.

The investigation will proceed through the commission’s standard enforcement procedures, which include documentary requests, technical assessments, and where necessary, formal hearings before the NDPC’s adjudication panel. A final determination can be appealed through the Federal High Court. No date for the next procedural step has been publicly announced.

 

The Eastern Updates

Most Popular

Recent Comments