The Nigeria Data Protection Commission (NDPC) launched an immediate investigation into the data processing activities of Temu. Vincent Olatunji, national commissioner and chief executive officer of the NDPC, ordered the probe on Monday, February 16, 2026.
Babatunde Bamigboye, head of legal, enforcement and regulations at the NDPC, issued a statement that announced the investigation. Bamigboye stated that Temu’s activities may violate the Nigeria Data Protection Act (NDP Act), 2023. He explained that preliminary findings prompted the action.
The probe targeted several issues. These included online surveillance through personal data processing, accountability, data minimisation requirements, transparency, duty of care, and cross-border data transfers. The NDPC aimed to determine full compliance with the law.
Preliminary investigations revealed that Temu processed personal information of approximately 12.7 million data subjects in Nigeria. The platform also recorded about 70 million daily active users globally. This scale raised additional scrutiny over data handling practices.
Bamigboye stressed that all digital platforms operating in Nigeria must adhere strictly to the NDP Act. He noted that foreign entities and their local processors faced liability if they failed to verify compliance. The NDPC warned of potential sanctions for non-compliance.
Temu did not issue an immediate public response to the NDPC’s directive. The investigation continued as the commission assessed the e-commerce platform’s collection, processing, storage, and transfer of personal data.
