Nigeria – The Nigeria Data Protection Commission has launched a formal investigation into Chinese-owned e-commerce platform Temu amid concerns over potential breaches of Nigeria’s 2023 Data Protection Act, the regulator announced in a press release on February 16, 2026.
The probe focuses on personal data processing practices, targeting roughly 12.7 million Nigerian users of Temu. Globally, the platform records about 70 million daily active users. The investigation examines issues including online surveillance, transparency, accountability, cross-border data transfers, and compliance with lawful processing requirements under Nigeria’s privacy law.
Under the 2023 Act, organisations collecting personal data in Nigeria must:
- Demonstrate a lawful basis for processing
- Limit data collection to what is strictly necessary
- Protect users’ rights and privacy
- Ensure adequate safeguards when transferring data abroad
The NDPC highlighted potential exposure for Temu regarding consent, purpose limitation, and international data flows, and warned that third-party processors, including vendors, logistics partners, and intermediaries, could also face liability if compliance is not verified.
The investigation aligns with global scrutiny of Temu and other ultra-low-cost marketplaces, where authorities in Europe and elsewhere have examined issues related to digital services compliance, algorithmic profiling, and consumer protection.
For Nigeria, Africa’s most populous nation and one of the continent’s fastest-growing e-commerce markets, the Temu probe represents a test case for digital sovereignty and enforcement of strengthened privacy protections. While the NDPC has not specified a timeline or potential penalties, any confirmed violations could shape how foreign digital platforms handle personal data in Nigeria.
Temu, which has rapidly expanded its presence in Nigeria’s online retail space, may now face stricter scrutiny in aligning its operations with the country’s new legal framework, signaling that regulators are increasingly focused on accountability and consumer protection in cross-border e-commerce.
Nigeria, Africa’s most populous country with over 220 million people, has rapidly become one of the continent’s largest and fastest-growing e-commerce markets. Online marketplaces, mobile apps, and digital payment platforms have expanded rapidly, spurred by rising smartphone penetration, growing internet access, and a youthful consumer base. Temu, a Chinese-owned platform offering ultra-low-cost consumer goods, has become a significant player in this space, attracting millions of Nigerian users.
More Read
To address growing concerns over personal data protection, privacy, and digital security, Nigeria enacted the 2023 Data Protection Act, strengthening the regulatory framework for the collection, processing, and storage of personal information. The law requires organizations to:
- Establish a lawful basis for processing data
- Minimize data collection to what is strictly necessary
- Protect user rights and privacy
- Ensure adequate safeguards for cross-border transfers
The Nigeria Data Protection Commission enforces these rules, including provisions on consent, transparency, data minimization, and accountability. Organizations that fail to comply may face fines, sanctions, or operational restrictions, particularly when personal data is transferred outside Nigeria.
Temu’s operations, like those of many foreign digital platforms, involve a network of third-party vendors, logistics providers, and intermediaries, raising additional compliance challenges. Globally, similar marketplaces have faced scrutiny in regions such as Europe, where regulators have examined algorithmic profiling, targeted advertising, and cross-border data flows.
The NDPC investigation into Temu represents one of Nigeria’s first high-profile tests of the 2023 Act and reflects broader trends in Africa and worldwide, where governments are increasingly emphasizing digital sovereignty, consumer protection, and accountability in an era of cross-border e-commerce. The outcome may set precedents for how foreign online platforms operate and process personal data within Africa’s largest digital consumer market.
