The National Commissioner and Chief Executive Officer of the Nigeria Data Protection Commission (NDPC), Babatunde Bamigboye, has directed an immediate investigation into the data processing practices of e-commerce platform Temu.
In a statement issued on Monday, Babatunde Bamigboye, the commission’s head of legal, enforcement and regulations, said the company’s operations “may be in violation” of the Nigeria Data Protection Act (NDP Act), 2023.
Bamigboye explained that the decision followed concerns about issues including online surveillance linked to personal data handling, compliance with accountability and data minimisation principles, transparency obligations, duty of care, and cross-border data transfers.
“Preliminary investigations indicate that Temu is an e-commerce platform which processes personal information of approximately 12.7 million data subjects in Nigeria with 70 million daily active users globally,” the statement reads.
The commission also cautioned that data processors acting on behalf of data controllers must ensure those controllers comply with the NDP Act, warning that failure to do so could attract legal liability.
Earlier this month, the Nigerian Communications Commission (NCC) and the NDPC formalised a memorandum of understanding aimed at enhancing cooperation on data protection and privacy enforcement nationwide.
According to the NDPC, the agreement is designed to pool the technical expertise and regulatory capacity of both agencies to better safeguard Nigerians’ personal information.
