Nigeria's Data Protection Commission (NDPC) has launched a comprehensive investigation into the eCommerce platform Temu, following serious allegations of data privacy violations. This inquiry, initiated on February 16, 2025, by NDPC's National Commissioner and CEO, Dr. Vincent Olatunji, comes amidst growing concerns regarding how Temu manages sensitive personal information. With approximately 12.7 million Nigerians using the platform, scrutiny over its data handling practices has intensified, reflecting a broader global trend toward stricter data privacy regulations.
Investigative Focus on Data Handling Practices
The NDPC's investigation centers on several critical issues related to Temu's data processing activities. Allegations suggest the platform may be engaging in online surveillance while lacking transparency about how it collects and utilizes personal data. The NDPC is particularly concerned about whether Temu adheres to data minimization principles, which restrict the collection and retention of personal information to only what is necessary.
In addition, the regulator is examining Temu's accountability and its duty of care concerning user data. This includes a thorough review of the platform's protocols for cross-border data transfers, which have raised red flags given the volume of Nigerian personal data involved. The sheer scale of Temu's operations is notable, as it boasts an estimated 70 million daily active users worldwide, intensifying the urgency for regulatory oversight in Nigeria.
Legal Implications for Third-Party Processors
Dr. Olatunji has cautioned that third-party data processors working on behalf of Temu must ensure compliance with the Nigeria Data Protection Act (NDP Act), 2023. Under the current legislation, these processors could face direct liability if they engage in practices that violate Nigerian data protection laws. The NDPC's rigorous approach signals its commitment to uphold the NDP Act, ensuring that all entities involved in data processing are held to the highest standards of compliance.
The regulator's proactive stance is indicative of a broader effort to safeguard personal information in Nigeria, particularly as the country emerges as the largest internet market on the continent. With the investigation into Temu, the NDPC aims to establish a clear framework for data governance, reinforcing the importance of responsible data handling in the digital economy.
Temu Responds to Regulatory Inquiry
In a statement issued to Techpoint Africa on February 17, 2026, Temu confirmed that it had received notice of the NDPC's investigation and expressed a willingness to cooperate fully with the regulator. "At Temu, protecting user privacy and data security is a top priority," the company asserted. Temu emphasized its commitment to adhering to applicable laws and regulations governing data practices, highlighting its intent to engage in constructive dialogue with the NDPC to resolve any outstanding issues.
This response from Temu reflects a growing awareness among eCommerce platforms of the need to align their operations with increasingly stringent data protection standards. As consumers become more aware of data privacy issues, companies that prioritize user trust and compliance are likely to enhance their reputations in the marketplace.
A Broader Trend in Data Privacy Enforcement
The NDPC's investigation into Temu is part of a wider trend of increased scrutiny over data privacy practices among global eCommerce companies. This move follows similar actions taken by the NDPC against other prominent platforms, such as TikTok and Truecaller, which faced investigations in March 2025. Moreover, in July 2025, the Commission imposed a substantial ₦766.24 million fine on MultiChoice Nigeria for illegal data processing practices.
In April 2025, Nigeria's Competition and Consumer Protection Tribunal upheld a significant $220 million fine against Meta, the parent company of WhatsApp and Facebook, for exploitative practices. These actions underscore Nigeria's determination to enforce its data protection laws rigorously, signaling to both local and international companies that compliance is non-negotiable.
As the NDPC continues its investigation into Temu, the outcomes could have far-reaching implications not only for the platform but also for the wider eCommerce landscape in Nigeria and beyond. The direction of this inquiry will likely set precedents for how data privacy laws are enforced in the digital age, emphasizing the importance of protecting consumer rights in an increasingly interconnected world.