Nigeria’s data watchdog cites concerns over online surveillance, transparency, data minimisation and cross-border transfers, while warning third-party processors of possible liability.

The Nigeria Data Protection Commission (NDPC) has commenced an investigation into global e-commerce platform, Temu, over alleged violations of the Nigeria Data Protection Act.

The probe was ordered by the NDPC’s National Commissioner and Chief Executive Officer, Vincent Olatunji, following growing concerns that Temu’s data processing practices may breach key provisions of the law.

According to the Commission, the investigation is driven by issues surrounding potential online surveillance through personal data processing, questions of accountability and transparency, compliance with data minimisation principles, duty of care, and the management of cross-border data transfers.

Preliminary assessments indicate that Temu operates as a major e-commerce platform handling the personal data of an estimated 12.7 million users in Nigeria, with approximately 70 million daily active users globally.

In a related development, the NDPC issued a strong warning to third-party data processors, stressing that organisations handling personal data on behalf of controllers without confirming their compliance with the Data Protection Act risk being held liable under Nigerian law.

The Commission noted that the ongoing investigation aligns with its statutory mandate to protect the privacy rights of Nigerians and ensure strict adherence to data protection standards by companies operating within the country.