Nigeria Opens Data Privacy Probe Into Temu

Nigeria’s data protection authority has initiated a formal investigation into the data processing activities of Temu, signaling heightened regulatory scrutiny of global technology platforms operating in Africa’s largest consumer markets.

The Nigeria Data Protection Commission (NDPC) said the probe was triggered by concerns that Temu’s practices “may be in violation of the Nigeria Data Protection Act (NDP Act), 2023.”

The regulator cited issues including online surveillance through personal data processing, accountability obligations, transparency requirements, duty of care, data minimization standards, and cross-border data transfers.

Regulatory Focus on Data Practices

NDPC National Commissioner Dr Vincent Olatunji ordered the investigation, warning that processors acting on behalf of Temu could also face liability if compliance failures are established.

The commission said preliminary findings indicate Temu processes the personal data of approximately 12.7 million data subjects in Nigeria, while the platform maintains around 70 million daily active users globally.

The NDPC emphasized that entities engaged in processing data for controllers without verifying compliance “may be liable under the NDP Act.”

Temu’s Response and Position

Temu said it would cooperate with Nigerian authorities. “We will continue to engage in open and constructive dialogue with the NDPC to address any questions or concerns,” spokesperson Robin Calleja said.

Temu, owned by Nasdaq-listed PDD Holdings, has expanded rapidly in Nigeria through its app-based marketplace model, offering discounted products across fashion, electronics, and household goods categories.

Precedent for Financial Penalties

Nigeria’s regulator has previously imposed significant penalties for data law violations. In 2025, the NDPC fined Multichoice Nigeria 766 million naira ($565,990) for breaches of data protection regulations.

The Temu investigation could similarly expose the company and its data processors to sanctions or corrective directives depending on the findings.

Global Context of Digital Oversight

The probe comes amid broader global scrutiny of Temu’s data governance practices as regulators worldwide increase oversight of cross-border data flows, consumer privacy protections, and algorithm-driven surveillance concerns.

Nigeria’s NDP Act, enacted in 2023, established clearer compliance requirements for digital platforms handling citizens’ personal information, including limitations on excessive data collection and stricter transparency obligations.

The outcome of the investigation may shape regulatory expectations for other international e-commerce and technology firms operating across West Africa.