Nigeria’s data protection regulator has launched a formal investigation into the e-commerce platform Temu over concerns about how it handles the personal data of millions of users in the country.
On February 17, the National Data Protection Commission (NDPC) announced that it had begun probing the company’s data processing practices. The commission said the move followed concerns that Temu may be unlawfully processing personal information and transferring user data outside Nigeria without adequate safeguards.
According to the NDPC, Temu processes data belonging to an estimated 12.7 million Nigerians. The investigation will assess whether the company has breached provisions of the Nigeria Data Protection Act (NDP Act), 2023.
In a statement, the commission said its preliminary review raised issues relating to online surveillance, accountability, data minimization, transparency, duty of care and cross-border data transfers.
“The NDPC National Commissioner/CEO … has ordered an immediate investigation of the data processing activities of Temu, which may be in violation of the NDP Act,” the statement read.
Temu is owned by PDD Holdings, a Chinese technology group listed on the Nasdaq exchange. The company has expanded rapidly across global markets, including several African countries.
In a response to local media outlet The Punch, a Temu spokesperson said, “At Temu, protecting user privacy and data security is a top priority. We are committed to complying with applicable laws and regulations in our data practices.”
If the NDPC find evidence of non-compliance, the commission has the authority to impose sanctions, including financial penalties. In 2025, it fined Multichoice Nigeria 766 million naira (approximately $565,990) for breaching data protection regulations.