The inquiry, led by the Nigeria Data Protection Commission, follows suspicions of possible violations of the Nigeria Data Protection Act, including online surveillance through data tracking, opaque handling of user information, and potential breaches of data-minimisation rules. Regulators also flagged questions about Temu’s cross-border transfers of Nigerian users’ data.
NDPC officials said preliminary findings show Temu already holds the personal information of about 12.7 million Nigerians, part of a global user base that now sees roughly 70 million daily active users.
The watchdog’s head, Vincent Olatunji, who ordered the probe, warned that organisations processing data on behalf of others must verify compliance with the law. “Processors who engage in processing activities on behalf of data controllers without verifying their compliance with the NDP Act may be liable under the NDP Act,” he said.
Temu’s rapid expansion into Nigeria forms part of a global push that began with its 2022 launch in the United States. Backed by PDD Holdings, the company has spread to more than 90 markets worldwide by 2025, fuelled by a heavy-spending strategy that uses deep discounts and relentless advertising to acquire customers.
When Temu entered Nigeria in late 2024, it immediately surged to the top of app-store rankings, driven by a youth-heavy population, growing smartphone penetration and booming appetite for low-priced online retail.
The NDPC’s action is part of Nigeria’s efforts to tighten oversight of digital companies. Last year, the regulator fined MultiChoice Nigeria 766 million naira for data-protection violations, signalling a more assertive posture toward both local and foreign operators.
Temu did not initially respond to Nigerian regulators, but later issued a statement pledging full cooperation.
“At Temu, protecting user privacy and data security is a top priority. We are committed to complying with applicable laws and regulations in our data practices. We will continue to engage in open and constructive dialogue with the NDPC to address any questions or concerns,” the company said.
The platform has not provided additional details about the specific issues it intends to address, but the Nigerian investigation adds to the company’s mounting international compliance challenges.
Nigeria’s probe follows enforcement actions in several major jurisdictions. In May 2025, South Korea’s South Korea Personal Information Protection Commission fined Temu about $978,000 for undisclosed cross-border data transfers and insufficient oversight of partner processors.
Later that year, the U.S. Federal Trade Commission imposed a $2 million penalty under the INFORM Consumers Act, alleging the company failed to provide adequate transparency about high-volume sellers and did not maintain effective reporting channels for suspicious or counterfeit goods.
Temu also faces ongoing scrutiny in Europe, where the European Commission has issued preliminary findings suggesting the platform may have breached the Digital Services Act.
If confirmed, Temu could face fines of up to six percent of its global annual revenue, a potentially far larger risk than the nearly $3 million in penalties it has already accumulated in the United States and South Korea.
With Temu now embedded in Nigeria’s e-commerce sector, the outcome of the NDPC’s investigation may shape how global digital platforms approach African markets in the future. For regulators, the case is a test of the country’s new data-protection regime. For Temu, it marks another high-stakes challenge in its race to dominate the world’s online shopping industry.
