Nigeria’s data protection authority has launched a formal investigation into Temu, the Chinese-owned e-commerce giant, over allegations that it may be mishandling the personal data of millions of Nigerians. The move signals a maturing regulatory posture from Africa’s largest internet market, and puts one of the world’s fastest-growing shopping platforms on notice.
What Triggered the Probe
The Nigeria Data Protection Commission (NDPC) ordered the investigation following a February 16 press release, citing mounting concerns about Temu’s handling of personal information. The probe was authorised by the Commission’s CEO, Dr. Vincent Olatunji, and focuses on several areas: alleged online surveillance, lack of transparency, failure to adhere to data minimisation principles, and the platform’s protocols for cross-border data transfers.
In plain terms, regulators want to know whether Temu is collecting more data than it needs, being upfront about how that data is used, and routing it to servers in ways that violate Nigerian law.
The Scale of the Problem
Preliminary findings from the NDPC indicate that Temu currently processes the personal data of approximately 12.7 million individuals in Nigeria, part of a global daily active user base of around 70 million. The platform made its entry into the Nigerian market in late 2024, accompanied by an intense marketing drive across social media platforms and mobile app stores. Its rapid growth, built on steep discounts and addictive app mechanics, is precisely what has drawn regulators’ attention.
A Pattern of Global Scrutiny
Nigeria is not acting alone. In May 2025, South Korea’s Personal Information Protection Commission fined Temu approximately $978,000 over violations, including undisclosed cross-border data transfers and inadequate oversight of third-party processors. In September 2025, the U.S. Federal Trade Commission imposed a $2 million civil penalty under the INFORM Consumers Act. The European Commission has also issued preliminary findings that Temu may have breached the Digital Services Act, with potential fines of up to six percent of global annual turnover. In the United States, Arkansas sued Temu in 2024, labelling it “dangerous malware” for allegedly accessing users’ devices beyond what its core functions require.
What Nigeria Can Do About It
Under the Nigeria Data Protection Act 2023, companies guilty of serious violations can be fined up to 2% of their Annual Gross Revenue or ₦10 million, whichever is higher. The bigger risk is that they could be banned from operating in Nigeria entirely. The NDPC has also warned that third-party processors working with non-compliant platforms could face direct liability themselves, casting a wider net over the entire ecosystem that supports Temu’s local operations.
Nigeria has a precedent for following through. In 2024, the watchdog fined MultiChoice Nigeria ₦766 million for infringing data-protection rules, one of the largest penalties of its kind on the continent.
The Bigger Picture
This investigation is part of a broader pattern. In March 2025, the NDPC ordered similar investigations into TikTok and Truecaller over their data practices. Nigeria is clearly no longer content to be a passive consumer market for foreign tech platforms. As digital commerce deepens and data becomes more valuable, the message from Abuja is increasingly clear: access to Nigerian users comes with legal obligations that will be enforced.
