The Nigeria Data Protection Commission (NDPC) has initiated an investigation into the global e-commerce platform Temu for alleged violations of Nigeria’s data protection laws. The probe follows concerns that the company’s data practices may contravene provisions of the Nigeria Data Protection Act.
NDPC’s National Commissioner and CEO, Vincent Olatunji, directed an immediate review of Temu’s personal data processing practices, including issues related to online surveillance, accountability, compliance with data minimisation principles, transparency, duty of care, and cross-border data transfers.
Preliminary findings suggest that Temu handles the personal data of approximately 12.7 million users in Nigeria and around 70 million daily active users globally. The Commission also cautioned third-party data processors, stressing that organisations handling data on behalf of controllers must verify compliance with the law or risk liability.
The NDPC emphasised that the investigation forms part of its mandate to protect Nigerians’ privacy rights and ensure strict adherence to data protection standards by companies operating in the country.
