Regulator raises concerns about surveillance, data minimisation, and cross-border transfers affecting 12.7 million Nigerian users
The Nigeria Data Protection Commission (NDPC) has ordered an immediate inquiry into the operations of global e-commerce platform Temu, citing potential violations of the Nigeria Data Protection Act (NDP Act) 2023.
The investigation, announced Monday in a statement by the commission's Head of Legal, Enforcement & Regulations, Babatunde Bamigboye, focuses on concerns regarding online surveillance through personal data processing, accountability, data minimisation, transparency, duty of care, and cross-border data transfers.
12.7 Million Nigerians at Risk
Preliminary findings suggest that Temu handles the personal data of approximately 12.7 million Nigerians, as part of its global user base of 70 million daily active users. The platform, which entered the Nigerian market in late 2024, has experienced explosive growth through aggressive marketing campaigns on social media and mobile app stores.
National Commissioner and CEO Dr Vincent Olatunji issued a stark warning to data processors operating in Nigeria's digital space. "Processors who engage in processing activities on behalf of data controllers without verifying their compliance with the NDP Act may be liable under the NDP Act," Olatunji cautioned.
The Temu Phenomenon
Temu first launched in the United States in September 2022 and rapidly expanded to more than 90 markets worldwide by 2025. Its growth strategy relies heavily on massive advertising spending and promotional offers to attract users—a model that has made it one of the most downloaded apps in multiple countries, including Nigeria.
Nigeria's large and youthful population, coupled with rising smartphone penetration and an expanding e-commerce sector, made the country a natural target for Temu's expansion. The platform aims to challenge established players by offering deeply discounted goods and saturating digital spaces with targeted advertising.
Growing Scrutiny
The investigation marks an escalation in Nigeria's efforts to regulate digital platforms operating within its borders. The NDPC, established under the 2023 Data Protection Act, has increasingly flexed its regulatory muscles as concerns grow about how international tech companies handle Nigerian users' data.
The commission's move against Temu reflects broader global trends. Regulators worldwide are paying closer attention to e-commerce platforms' data practices, particularly regarding cross-border transfers and the use of personal information for targeted advertising.
What's Next
The inquiry will examine whether Temu's data processing activities comply with Nigerian law, which requires transparency, accountability, and adherence to data minimisation principles. If violations are found, the platform could face significant penalties, including fines and operational restrictions.
For Nigerian users—12.7 million of whom have entrusted their personal information to the platform—the investigation raises important questions about what happens to their data and who has access to it.
Temu has not yet responded to the NDPC's announcement. But the message from Nigeria's data protection regulator is clear: global platforms operating in the country must play by local rules, and the commission is watching.
Posts
0 Comments