NDPC Launches Investigation into Temu Over Alleged Data Protection Violations
The Nigeria Data Protection Commission (NDPC) has initiated a formal investigation into the global e-commerce platform Temu, following allegations of violations of the country's data protection laws. This move underscores the Commission's commitment to safeguarding the privacy rights of Nigerian citizens and ensuring strict adherence to established data protection standards.
Immediate Probe Ordered by National Commissioner
Vincent Olatunji, the National Commissioner and Chief Executive Officer of the NDPC, has ordered an immediate and thorough probe into Temu's data processing practices. This decision was prompted by serious concerns that the company's operations may breach key provisions of the Nigeria Data Protection Act, raising alarms about potential risks to user data.
Key Concerns Driving the Investigation
The investigation was triggered by multiple issues, including possible online surveillance linked to personal data processing. Additional concerns center on accountability, compliance with data minimisation principles, transparency obligations, duty of care, and the handling of cross-border data transfers. These factors highlight the complexity of data protection in the digital age and the need for robust regulatory oversight.
Preliminary Findings on Temu's Operations
Preliminary findings from the NDPC reveal that Temu operates as a major e-commerce platform, handling the personal data of an estimated 12.7 million users in Nigeria. Globally, the platform records around 70 million daily active users, indicating its significant reach and the potential scale of data protection implications.
Warning to Third-Party Data Processors
In a related development, the Commission has issued a stern warning to third-party data processors. Organisations that handle data on behalf of controllers without verifying their compliance with the Data Protection Act could be held liable under Nigerian law. This emphasizes the shared responsibility in data protection and the legal consequences of non-compliance.
NDPC's Mandate and Broader Implications
The NDPC stated that this investigation is part of its core mandate to protect the privacy rights of Nigerians and ensure that all companies operating within the country adhere strictly to established data protection standards. This action serves as a reminder of the growing importance of data security in e-commerce and the regulatory measures in place to enforce compliance.
