Chinese e-commerce giant, Temu, has come under the scrutiny of Nigeria’s data protection regulator over concerns that the personal data of millions of Nigerians may have been improperly handled.
The probe was ordered by the National Commissioner and Chief Executive Officer of the Nigeria Data Protection Commission (NDPC), Dr. Vincent Olatunji, following indications that the company processes personal information belonging to approximately 12.7 million Nigerians.
The development was disclosed in a statement signed by Babatunde Bamigboye, Esq., CDPRP, Head of Legal, Enforcement and Regulations at the NDPC.
According to the Commission, the investigation was triggered by multiple concerns surrounding the platform’s handling of personal data, including issues related to online surveillance, transparency, accountability, data minimisation, duty of care, and cross border data transfers.
“Preliminary investigations indicate that Temu is an e-commerce platform which processes personal information of approximately 12.7 million data subjects in Nigeria with 70 million daily active users globally,” the Commission stated.
The regulator said the scale of data collection raises significant questions about compliance with Nigeria’s privacy standards.
- Dr. Olatunji also cautioned companies that process personal data on behalf of other organisations to ensure strict compliance with the NDP Act.
- He warned that processors who carry out data processing activities for data controllers without verifying their legal compliance could be held liable under Nigerian law.
The probe comes amid rising regulatory attention on companies across sectors, particularly those handling large volumes of personal information.
Last August, launched a sector-wide investigation into 1,369 organisations suspected of flouting provisions of the Nigeria Data Protection Act (NDPA) 2023.
- According to the Commission, the probe targets companies in sensitive industries such as banking, insurance, pensions, gaming, and insurance brokerage.
- The Commission also gave the companies, which included 795 financial institutions, 21 days to submit evidence of compliance with the NDPA or face sanctions.
- The list of the companies published by the Commission at the time also included 392 insurance broker firms, 35 insurance companies, 10 pension companies, and 136 gaming companies.
Add Comment