The Nigeria Data Protection Commission (NDPC) has commenced an immediate investigation into the data processing operations of global e-commerce platform Temu over alleged violations of the Nigeria Data Protection Act (NDP Act), 2023.
The directive for the probe was issued by the National Commissioner and Chief Executive Officer of the NDPC, Dr. Vincent Olatunji, following mounting concerns about the company’s data handling practices within Nigeria’s digital ecosystem.
According to the Commission, the investigation was triggered by allegations relating to online surveillance practices carried out through personal data processing, as well as potential breaches involving accountability obligations, data minimisation principles, transparency standards, duty of care requirements, and cross-border data transfer compliance.
NDPC Raises Concerns Over Data Governance Standards
In its preliminary findings, the Commission disclosed that Temu processes personal data belonging to approximately 12.7 million Nigerian data subjects. Globally, the platform reportedly records about 70 million daily active users, making it one of the fastest-growing e-commerce platforms operating across multiple jurisdictions.
Regulators are now scrutinising whether Temu’s data collection, storage, and transfer mechanisms comply with statutory requirements outlined in the Nigeria Data Protection Act, which mandates lawful, fair, and transparent processing of personal information.
The NDPC emphasised that organisations operating within Nigeria — whether as data controllers or data processors — must demonstrate verifiable compliance with core principles of the Act, including purpose limitation, data minimisation, accuracy, storage limitation, and accountability.
Liability Warning to Data Processors
Dr. Olatunji further warned that third-party processors acting on behalf of data controllers could face regulatory consequences if they fail to conduct due diligence on compliance standards before engaging in processing activities.
The Commission reiterated that processors who handle personal data without verifying that the data controller meets NDP Act requirements may be held liable under the law. This warning signals an expansion of enforcement attention beyond primary data controllers to entities operating within broader digital supply chains.
The statement was formally signed by Babatunde Bamigboye, Esq., CDPRP, Head of Legal, Enforcement and Regulations at the NDPC.
Implications for Nigeria’s Digital Economy
The development underscores Nigeria’s tightening regulatory stance on data protection as digital commerce continues to expand. With millions of Nigerians engaging daily on global platforms, regulators appear poised to ensure that foreign technology companies operating locally adhere strictly to national privacy laws.
Industry observers note that enforcement actions under the NDP Act could shape compliance frameworks for multinational digital platforms seeking access to Nigeria’s rapidly growing online consumer market.
The outcome of the investigation may set a precedent for how cross-border data flows and large-scale consumer data processing are regulated within Africa’s largest economy.
 has commenced an immediate investigation into the data processing operations of global e-commerce platform Temu over alleged violations of the Nigeria Data Protection Act (NDP Act), 2023.){kind=link}