Nigeria has opened a full-scale investigation into Temu, the fast-fashion e-commerce platform, intensifying scrutiny of how global digital marketplaces handle user data in Africa’s largest economy. The probe, led by the Nigeria Data Protection Commission (NDPC), comes amid growing concerns about online privacy, cross-border data transfers, and compliance with Nigeria’s Data Protection Act (NDPA).
Scope of the Investigation
The NDPC said the investigation focuses on alleged violations of key data protection principles, including opaque handling of personal information, online surveillance through data tracking, and breaches of the law’s data-minimisation requirements. The agency is also examining cross-border transfers of Nigerian users’ data, given Temu’s global operations and international data-sharing practices.
Preliminary findings indicate that Temu already holds the personal information of approximately 12.7 million Nigerian users, drawn from its global user base of around 70 million daily active users. This scale has raised alarms about the potential risks posed to individuals’ privacy, especially in a market where digital literacy and awareness of data rights are still evolving.
“Processors who engage in activities on behalf of data controllers without verifying compliance with the NDP Act may be liable under the NDP Act,” said Vincent Olatunji, head of the NDPC, highlighting that accountability extends to both local and foreign entities operating in Nigeria.
Temu’s Rapid Rise in Nigeria
Temu’s aggressive expansion into Nigeria mirrors a broader global strategy by PDD Holdings, its parent company. Since launching in the United States in 2022, the platform has expanded to over 90 markets worldwide by 2025, relying on a model that combines deep discounts, heavy advertising, and fast acquisition of new users.
Upon entering Nigeria in late 2024, Temu quickly climbed app-store rankings, capitalizing on the country’s young population, rising smartphone penetration, and strong appetite for affordable online retail. Its fast growth has been fueled by strategies common in the global e-commerce space, including frequent promotions, incentivized referrals, and data-driven marketing targeting specific demographics.
However, this rapid adoption has also brought regulatory scrutiny, particularly around the collection, storage, and use of personal data in a country with one of Africa’s most active digital economies.
Temu Pledges Cooperation
Temu initially did not respond to regulatory inquiries but later released a statement affirming its commitment to data privacy and compliance
“At Temu, protecting user privacy and data security is a top priority. We are committed to complying with applicable laws and regulations in our data practices. We will continue to engage in open and constructive dialogue with the NDPC to address any questions or concerns,” the company said.
While Temu has not detailed how it will address the NDPC’s concerns, the company faces mounting international pressure, with regulators increasingly holding digital platforms accountable for data management practices.
A Global Trend in Regulatory Enforcement
Nigeria’s investigation aligns with a global pattern of enforcement actions. In May 2025, South Korea’s Personal Information Protection Commission fined Temu about $978,000 for undisclosed cross-border transfers and insufficient oversight of partner processors. Later that year, the U.S. Federal Trade Commission imposed a $2 million penalty under the INFORM Consumers Act, citing inadequate transparency regarding high-volume sellers and failure to provide proper reporting channels for suspicious or counterfeit products.
In Europe, preliminary findings from the European Commission suggest potential violations of the Digital Services Act, which could expose Temu to fines of up to six percent of global annual revenue—a potentially far larger financial risk than the nearly $3 million it has already been penalized for in South Korea and the United States.
Implications for Nigeria and Africa
The NDPC’s probe is widely seen as a test case for Nigeria’s evolving data-protection regime. How Temu responds could influence future operations of global digital platforms in Africa, particularly those that rely on large-scale data collection and cross-border processing.
For Nigerian consumers, the investigation highlights the importance of data privacy and accountability in a fast-growing e-commerce ecosystem. For regulators, it underscores the challenges of enforcing compliance in a rapidly digitalizing market where global companies operate across multiple jurisdictions.
Temu’s position in Nigeria—both as a market leader in fast-fashion e-commerce and as a global platform with a sophisticated data-driven business model—places it at the center of critical questions about privacy, regulation, and corporate responsibility. The outcome of the NDPC investigation may well shape the regulatory landscape for digital commerce across Africa in the years ahead.