NDPC investigates Temu over misuse of data of 12.7 million Nigerians

Nigeria’s data protection regulator has launched an investigation into Chinese e-commerce platform Temu over concerns that the company may have violated privacy laws in how it collects and handles personal information from approximately 12.7 million Nigerian users.

The Nigeria Data Protection Commission announced the probe, with CEO, Dr Vincent Olatunji, ordering an immediate investigation into Temu’s data processing activities.

The commission is examining whether Temu properly follows Nigeria’s data protection rules around surveillance, transparency, and data transfers across borders. It is also investigating how much user information the platform collects.

Temu, which has 70 million daily active users globally, operates as an online marketplace selling everything from electronics to clothing at heavily discounted prices. The platform has grown rapidly in Nigeria over the past year, but regulators are now questioning whether that growth came at the expense of user privacy.

What triggered the investigation into Temu

The NDPC’s concerns centre on several key issues. It is investigating whether Temu is conducting online surveillance through the personal data it collects. It is also probing whether it is being transparent about how it uses that data and whether it is transferring Nigerian user information to servers outside the country without proper safeguards.

Finally, the commission is investigating whether the Chinese e-commerce company is collecting more data than necessary to run its business.

Data minimisation, a core principle of Nigeria’s Data Protection Act, requires collecting only necessary data. Therefore, a platform’s excessive collection of personal information from millions of Nigerians violates the Act.

The same goes for cross-border data transfers: companies can’t just move Nigerian user data to foreign servers without meeting specific legal requirements.

The investigation also covers accountability and duty of care, which essentially means Temu needs to prove it’s taking user privacy seriously and has systems in place to protect the data it collects. For a platform handling information from nearly 13 million Nigerians, those protections better be robust.

Also read: Temu and Shien under probe in South Africa over compliance with Consumer Protection Act

NPDC warns others

The NDPC also warned data processors, which are companies that handle personal information for other businesses, that they can be held responsible if they work with platforms that do not follow Nigerian privacy law.

This is a clear warning for local delivery companies, payment companies, and other businesses that might be helping Temu work in Nigeria.

If those processors did not check that Temu follows data protection rules before working with them, they could also get in trouble. This shows that following the rules is not just the platform’s job; everyone involved with the data needs to make sure they are doing things right.

Temu has not replied to the investigation yet. The NDPC has not said how long the probe will take or what penalties Temu could face.

The investigation comes as regulators worldwide scrutinise Chinese apps and platforms over data privacy concerns, particularly around where user data ends up and who has access to it.

The post NDPC investigates Temu over misuse of data of 12.7 million Nigerians first appeared on Technext.