The Nigeria Data Protection Commission (NDPC) has opened a formal investigation into international e-commerce platform Temu over alleged violations of Nigeria’s data protection laws, amid claims that personal information of Nigerian users may have been improperly handled or exposed.

The Commission disclosed that the investigation was triggered by reports and complaints indicating possible non-compliance with the Nigeria Data Protection Act (NDPA) 2023. The probe will examine Temu’s data collection, storage, processing, and cross-border transfer practices as they relate to Nigerian residents.

According to the NDPC, all organisations that process the personal data of Nigerians—whether operating locally or from outside the country—are legally bound by the NDPA.

“No digital platform is exempt from Nigeria’s data protection framework,” the Commission said. “Our mandate is to ensure that the rights of data subjects are protected and that organisations are held accountable.”

Rising Privacy Concerns

Temu, which has rapidly expanded its user base in Nigeria through aggressive marketing and discounted products, has faced increased global attention over its data privacy practices. Concerns raised by privacy advocates include the scale of data harvested from users’ devices, the purpose for which such data is processed, and the adequacy of security safeguards.

The NDPC stated that its investigation will determine whether:

• Nigerian users were properly informed about how their data is used

• Consent mechanisms meet legal standards

• Adequate technical and organisational security measures were implemented

• Cross-border data transfers comply with Nigerian law

Legal and Financial Implications

Under the NDPA, organisations found in breach of data protection obligations may be subject to administrative penalties, enforcement directives, and mandatory data protection audits. In serious cases, the Commission may order restrictions on data processing activities until compliance is achieved.

Legal experts note that the investigation could mark a turning point in Nigeria’s approach to regulating global digital platforms.

“This is a clear message that Nigeria intends to actively enforce its data protection regime,” a data protection lawyer said. “Foreign companies must now take Nigerian compliance as seriously as they do in other regulated markets.”

The NDPC has encouraged Nigerians who believe their personal data may have been affected to report such incidents to the Commission. It also reiterated its commitment to safeguarding personal data and promoting trust in Nigeria’s digital ecosystem.

The outcome of the investigation is expected to influence how international technology and e-commerce firms structure their data protection and compliance strategies when operating in Nigeria.