Lagos, Nigeria – Nigeria’s data protection authority has launched a formal investigation into the e-commerce platform Temu, amid growing concerns over the handling of personal data and potential breaches of national regulations. The move signals a tightening of scrutiny towards foreign digital companies operating within the country and reflects a broader global trend of increased oversight of Temu’s data practices.
The Nigeria Data Protection Commission (NDPC) initiated the probe following concerns regarding opaque data processing methods, potential online surveillance, and the possibility of unlawful cross-border transfer of user information. According to the NDPC, preliminary investigations suggest that Temu currently processes the personal data of approximately 12.7 million Nigerians, a significant figure within its estimated global daily active user base of around 70 million.
Vincent Olatunji, head of the NDPC, authorized the investigation and issued a warning that organizations processing data on behalf of others must demonstrate full compliance with the Nigeria Data Protection Act of 2023. He emphasized that any failure to adhere to statutory provisions could result in accountability and potential liability for those involved. Reuters reported that Olatunji stressed the importance of verifying compliance.
Rising Global Scrutiny of Temu
This investigation places Nigeria among a growing number of jurisdictions examining Temu’s operations. The company, backed by PDD Holdings, has experienced rapid international expansion since its launch in the United States in 2022, extending its reach to over 90 markets by 2025. This growth has been fueled by aggressive discount campaigns and substantial advertising investments. However, this rapid expansion has also attracted increased regulatory attention.
Temu’s entry into Nigeria in late 2024 saw a swift rise in app-store rankings, capitalizing on a young and digitally connected population, coupled with strong demand for affordable online retail options. The platform’s popularity highlights the growing e-commerce market in Nigeria, but also underscores the need for robust data protection measures.
The NDPC’s action follows a similar enforcement move last year, where a ₦766 million penalty was imposed on MultiChoice Nigeria for data protection breaches. This demonstrates a more assertive stance by the regulatory body towards both domestic and international companies operating within the Nigerian digital economy.
Temu Responds, Pledges Cooperation
Initially, Temu did not respond to official inquiries from the NDPC. However, the company subsequently issued a statement expressing its willingness to fully cooperate with the authorities. Temu affirmed its commitment to safeguarding user privacy and pledged continued engagement with regulators to address any concerns raised during the investigation.
Despite this assurance, analysts suggest that the Nigerian probe adds to the mounting global compliance pressures facing the platform. Governments worldwide are increasingly scrutinizing how international tech companies collect, process, and transfer user data across borders, leading to a more complex regulatory landscape for companies like Temu. DW News details the broader international concerns surrounding Temu’s data practices.
Concerns Extend Beyond Nigeria
The concerns surrounding Temu are not limited to Nigeria. In October 2023, the European Commission announced an investigation into the platform, citing concerns about its efforts to prevent the sale of illegal products. The Commission’s investigation also focused on data protection. Later that year, Temu’s EU headquarters in Dublin were searched. In the United States, several states have accused Temu of violating data protection laws, with Arizona joining the ranks in December, alleging that the site tracked users and potentially shared data with authorities in Beijing.
These investigations highlight a pattern of scrutiny regarding Temu’s data handling practices and its compliance with various international regulations. The company’s business model, which relies on aggressive pricing and rapid expansion, has raised questions about its ability to adequately protect user data and adhere to diverse legal frameworks.
The NDPC investigation is focused on several key areas, including online surveillance through personal data processing, accountability measures, adherence to data minimization requirements, transparency in data handling, a duty of care towards users, and the legality of cross-border data transfers. These concerns reflect a growing awareness of the potential risks associated with the collection and use of personal data in the digital age.
As the investigation progresses, the NDPC will likely seek further information from Temu regarding its data processing practices and its compliance with Nigerian data protection laws. The outcome of the investigation could have significant implications for Temu’s operations in Nigeria and potentially influence its approach to data protection in other markets.
The NDPC has not yet announced a timeline for the completion of the investigation. However, officials have indicated that they are committed to ensuring that Temu operates in full compliance with Nigerian law. The next step in the process will likely involve a formal request for information from Temu, followed by a review of the company’s response.
This story will be updated as more information becomes available.
Do you have thoughts on this developing story? Share your comments below.
