Vincent Olatunji, national commissioner and chief executive officer of the Nigeria Data Protection Commission, has ordered an immediate investigation into the data processing activities of Temu over alleged violations of Nigeria’s data protection laws.
In a statement issued on Monday, Babatunde Bamigboye, head of legal, enforcement and regulations at the commission, said Temu’s operations “may be in violation” of the Nigeria Data Protection Act, 2023.
According to the NDPC, the investigation was prompted by concerns bordering on online surveillance through personal data processing, lack of accountability, data minimisation practices, transparency, duty of care, and cross-border data transfers.
Preliminary findings indicate that Temu processes the personal data of about 12.7 million users in Nigeria, while recording roughly 70 million daily active users globally.
The commission also warned that data processors acting on behalf of data controllers without confirming their compliance with the law could be held liable.
Meanwhile, the NDPC noted that its recent memorandum of understanding with the Nigerian Communications Commission, signed on February 5, was aimed at strengthening inter-agency collaboration to better safeguard Nigerians’ data privacy and protection.