NDPC Orders Immediate Investigation Into Temu Over Data Protection Concerns
The National Data Protection Commission (NDPC) has launched an immediate investigation into the popular e-commerce platform Temu over alleged breaches of Nigeria's data privacy legislation. This regulatory action follows growing concerns about how foreign digital platforms handle the personal information of Nigerian citizens.
Regulatory Scrutiny Over Data Processing Practices
In a significant development for Nigeria's digital privacy landscape, the country's data protection regulator has commenced a formal probe into Temu's operations. The investigation stems from preliminary findings that suggest the company's data processing activities may contravene provisions of the Nigeria Data Protection Act (NDPA).
Vincent Olatunji, National Commissioner and Chief Executive Officer of the NDPC, stated that initial assessments have identified potential violations across multiple areas of concern. These include issues related to online surveillance practices, accountability mechanisms, data minimization principles, transparency requirements, duty of care obligations, and cross-border transfer of personal data.
Millions of Nigerian Users Affected
The investigation carries significant implications given Temu's substantial user base in Nigeria. According to available data, the platform reportedly processes personal information for approximately 12.7 million Nigerian users, while maintaining about 70 million daily active users globally. This extensive reach means the outcome of the investigation could affect data privacy protections for millions of citizens.
Babatunde Bamigboye, Head of Legal, Enforcement and Regulations at the NDPC, emphasized that all digital platforms operating within Nigerian jurisdiction must comply with the country's data protection framework. He warned that failure to adhere to these regulations could trigger enforcement measures under Nigerian law.
Legal Consequences for Non-Compliance
The commission has issued a stern warning to data processors operating in Nigeria, noting that those who act on behalf of data controllers without verifying compliance with the NDPA risk facing legal consequences. This regulatory stance reflects Nigeria's growing commitment to enforcing data privacy standards in an increasingly digital economy.
"All digital platforms operating within Nigeria must comply with the provisions of our data protection framework," Bamigboye stressed. "Non-compliance could trigger appropriate enforcement measures to protect the rights of Nigerian data subjects."
Broader Context of International Scrutiny
This investigation occurs against a backdrop of increasing international concern about Temu's data practices. Last year, European Union regulators accused the Chinese-founded online shopping company of violating the bloc's digital rules by inadequately assessing risks associated with illegal products. EU authorities argued that Temu was not implementing sufficient measures to protect European consumers from potentially dangerous items.
The Nigerian investigation also follows recent enforcement actions against other foreign companies operating in the country. The NDPC recently imposed a substantial N766.24 million fine on MultiChoice for violating data privacy laws and processing information belonging to both subscribers and non-subscribers. The commission found MultiChoice's actions to be intrusive and disproportionate, ordering a comprehensive compliance audit of all the company's data collection channels in Nigeria.
Strengthening Nigeria's Data Protection Framework
This regulatory action aligns with broader efforts to strengthen Nigeria's data protection ecosystem. The federal government recently launched the Nigerian Data Protection Act General Application and Implementation Directive (NDP ACT-GAID) as part of ongoing initiatives to safeguard citizens' data privacy rights. Authorities have also introduced a reporting tool that enables Nigerians to immediately notify the NDPC about suspected data breaches on websites or applications.
The Nigeria Data Protection Act encompasses comprehensive provisions covering:
- Lawful Bases of Data Processing
- Data Protection Principles
- Data Subjects' Rights
- Material and Territorial Scope of the NDP Act
- Data Ethics and Emerging Technologies
As the investigation progresses, stakeholders will be monitoring how this case shapes Nigeria's approach to regulating international digital platforms and protecting citizen data in an increasingly interconnected global marketplace.
