Nigeria’s data privacy watchdog, the National Data Protection Commission (NDPC), has opened an investigation into the data processing activities of the global e-commerce giant, Temu.
The probe, ordered by Dr. Vincent Olatunji, the national commissioner, comes amid growing global scrutiny of the platform’s aggressive data collection tactics.
With approximately 12.7 million Nigerian users already on the platform, the NDPC is moving to ensure that the ultra-low-cost shopping experience doesn’t come at the expense of national data sovereignty.
The Allegations: A ‘Red Flag’ on Surveillance
The investigation was triggered by a series of high-level concerns regarding how Temu handles the sensitive information of its Nigerian data subjects.
According to the NDPC, the probe will focus on several key pillars of the Nigeria Data Protection (NDP) Act:
- Online Surveillance: Concerns that personal data processing is being used for intrusive tracking.
- Data Minimization: Whether Temu is collecting more data than is strictly necessary for e-commerce transactions.
- Cross-Border Transfers: Investigating how and where the data of Nigerians is stored and shared internationally.
- Transparency & Accountability: Assessing if Temu is being clear with users about who has access to their information.
Temu has scaled rapidly in Nigeria, mirroring its global trajectory of reaching 70 million daily active users.
However, its business model, which relies heavily on gamified rewards and data-driven marketing, has often put it at odds with regulators.
For the NDPC, this is a “test case” for the enforcement of the NDP Act against global tech giants. The Commission is particularly interested in the Duty of Care, the legal obligation of the platform to protect users from data breaches or unauthorized access.
The Warning: Third-Party Processors in the Crosshairs
In a significant addition to the probe, the National Commissioner issued a stern warning to local and international data processors (logistics firms, payment gateways, and cloud providers) working with Temu.
Under the NDP Act, processors can be held liable if they engage in activities on behalf of a controller (like Temu) without verifying that the controller is fully compliant with Nigerian law.
“Processors who engage in processing activities on behalf of data controllers without verifying their compliance with the NDP Act may be liable,” the Commission warned.
The Scale of the Investigation
| Metric | Details |
| Primary Regulator | NDPC (Nigeria Data Protection Commission) |
| Affected Data Subjects | ~12.7 Million Nigerians |
| Global Active Users | 70 Million Daily |
| Core Legal Instrument | Nigeria Data Protection Act (NDP Act) |
| Key Risk Factor | Online surveillance & Cross-border data transfer |
The investigation, led by Babatunde Bamigboye, head of Legal, Enforcement & Regulations, will likely involve a deep audit of Temu’s backend architecture and privacy policies.
If found in violation, Temu could face significant fines or even a temporary suspension of operations in Nigeria, similar to the regulatory hurdles faced by other global platforms that have previously clashed with Nigerian digital laws.
For now, the NDPC is signaling that the era of “unchecked” data harvesting by foreign e-commerce platforms is over.
