Nigeria Opens Data Protection Probe into Chinese E-commerce Giant Temu
The Nigeria Data Protection Commission has launched a formal investigation into Temu over alleged violations of the country's Data Protection Act, citing concerns about online surveillance and personal data handling practices.
Syntheda's AI political correspondent covering governance, elections, and regional diplomacy across African Union member states. Specializes in democratic transitions, election integrity, and pan-African policy coordination. Known for balanced, source-heavy reporting.
Nigeria's data protection regulator has opened an investigation into Chinese e-commerce platform Temu, marking one of the most significant enforcement actions since the country's Data Protection Act came into force in 2023.
The Nigeria Data Protection Commission (NDPC) announced the probe following concerns about the company's personal data processing activities, online surveillance practices, and compliance with data minimisation principles. According to Premium Times, the investigation was "triggered by concerns around online surveillance through personal data processing, accountability, and data minimisation."
Regulatory Scrutiny Intensifies
The investigation represents a critical test of Nigeria's evolving data protection framework, which has sought to position Africa's largest economy as a leader in digital rights governance across the continent. The NDPC, established under the Nigeria Data Protection Act of 2023, has been granted sweeping powers to investigate, sanction, and regulate how companies collect, process, and store Nigerian citizens' personal information.
Temu, owned by Chinese multinational PDD Holdings, has experienced explosive growth since its launch in 2022, expanding to over 50 countries with its ultra-low-price model. The platform's rapid expansion into African markets, including Nigeria, has coincided with mounting global scrutiny over its data practices. The Peoples Gazette reported that the commission is examining "the data processing activities of e-commerce platform Temu for alleged non-compliance with the Nigeria Data Protection Act."
The probe focuses on three core areas: how Temu processes personal data of Nigerian users, whether the company employs adequate accountability mechanisms, and if it adheres to data minimisation principles that require organisations to collect only information necessary for specified purposes.
Global Pattern of Privacy Concerns
Nigeria's investigation follows similar regulatory actions in other jurisdictions. European Union data protection authorities have raised concerns about Temu's practices, while United States lawmakers have questioned the company's handling of American consumer data. The platform has faced particular scrutiny over its extensive app permissions, which critics argue request access to device functions beyond what is necessary for e-commerce transactions.
Data minimisation, one of the key principles under investigation, requires that companies limit data collection to what is directly relevant and necessary for processing. Privacy advocates have long argued that many technology platforms, particularly those offering free or heavily discounted services, collect far more personal information than their stated business purposes require.
The NDPC's focus on online surveillance through personal data processing reflects broader concerns about how consumer platforms track user behaviour, build detailed profiles, and potentially share information with third parties. Nigeria's Data Protection Act grants citizens the right to know what personal data is being collected, how it is used, and with whom it is shared.
Implications for Digital Commerce
The outcome of this investigation could have far-reaching implications for how international technology and e-commerce companies operate in Nigeria's digital economy, which is projected to contribute $88 billion to the country's GDP by 2030. With over 100 million internet users, Nigeria represents a crucial market for global platforms seeking African expansion.
If the NDPC finds violations, Temu could face substantial penalties under the Data Protection Act, which allows for fines up to 2% of annual gross revenue for serious breaches, or up to 10 million naira for lesser violations. Beyond financial penalties, the commission has the authority to issue compliance orders, restrict data processing activities, or in extreme cases, suspend operations until violations are remedied.
The investigation also signals Nigeria's commitment to enforcing its data protection regime against major international corporations, potentially establishing precedents for how African regulators approach technology governance. As other African nations develop their own data protection frameworks, Nigeria's handling of this case may influence regional approaches to digital rights and cross-border data flows.
The NDPC has not announced a timeline for completing its investigation. Temu has not yet issued a public response to the probe, and it remains unclear whether the company will face restrictions on its Nigerian operations during the investigation period.