Description

Data Protection Commission opened investigation into Temu over alleged violations of the Data Protection Act

On 16 February 2025, the Data Protection Commission (NDPC) opened an investigation into the data processing practices of the e-commerce platform Temu. The investigation was initiated due to allegations that the company's activities may violate the Data Protection Act (NDP Act) 2023, specifically concerning online surveillance through personal data processing and accountability. The NDPC is also examining the platform's compliance with data minimisation requirements, transparency, duty of care, and cross-border data transfer requirements. The NDPC noted that preliminary findings suggest that Temu processes personal information of approximately 12.7 million data subjects in the country. The NDPC further noted that data processors operating on behalf of controllers without verifying compliance with the NDP Act could be held liable under the current legislation.

Original source

Scope

Policy Area: Data governance
Policy Instrument: Data protection regulation
Regulated Economic Activity: platform intermediary: e-commerce
Implementation Level: national
Government Branch: executive
Government Body: data protection authority

Complete timeline of this policy change

2026-02-16
under deliberation

On 16 February 2025, the Data Protection Commission (NDPC) opened an investigation into the data pr…