Nigeria’s data protection regulator, the National Data Protection Commission, has launched a formal investigation into the data processing practices of global e commerce platform Temu, citing concerns over online surveillance and cross border data transfers affecting an estimated 12.7 million Nigerian users. The probe was ordered by the National Commissioner, Dr Vincent Olatunji, amid growing global scrutiny of the company’s data collection model.
The Commission said the investigation was triggered by red flags surrounding how Temu collects, processes and shares personal data. Among the issues under review are allegations of intrusive tracking through online surveillance, questions over whether the company adheres to the principle of data minimisation, and concerns about how and where Nigerians’ data is stored or transferred internationally. The regulator is also assessing whether the platform has been sufficiently transparent with users about access to their personal information.
Temu has grown rapidly in Nigeria, mirroring its global expansion that has seen it record about 70 million daily active users worldwide. Its ultra low cost shopping model, driven by aggressive marketing and gamified rewards, has attracted millions of users. However, regulators in several jurisdictions have raised concerns that such data driven strategies may compromise privacy safeguards if not properly regulated.
According to the Commission, the probe will test compliance with key provisions of the Nigeria Data Protection Act, the country’s core legal instrument on privacy and data governance. Particular attention is being placed on the duty of care, which imposes a legal obligation on data controllers to protect users from breaches, unauthorised access and misuse of sensitive information. The Commission described the case as a significant test of Nigeria’s resolve to enforce its data protection laws against global technology platforms.
In a stern warning, the NDPC also cautioned local and international data processors, including logistics firms, payment gateways and cloud service providers working with Temu, to ensure strict compliance with Nigerian law. It stressed that under the Act, processors may be held liable if they process data on behalf of a controller without verifying that the controller complies fully with regulatory requirements.
The investigation, being led by the head of Legal, Enforcement and Regulations at the Commission, Babatunde Bamigboye, is expected to involve a detailed audit of Temu’s backend systems and privacy policies. If violations are established, the platform could face substantial fines or even temporary operational restrictions in Nigeria. For now, the regulator’s message is clear: the era of unchecked data harvesting in Nigeria’s digital marketplace is over.