The Nigeria Data Protection Commission (NDPC) says it will investigate Temu, an online marketplace, over an alleged data breach in violation of the Nigeria Data Protection Act (NDPA).
This is contained in a statement issued on Monday in Abuja by Babatunde Bamigboye, Head of Legal, Enforcement and Regulations at the commission.
Bamigboye said that Dr Vincent Olatunji, National Commissioner of the NDPC, gave the directive following concerns relating to online surveillance, personal data processing practices, and compliance obligations under the Act.
He said the probe was triggered by issues surrounding accountability, data minimization requirements, transparency, duty of care, and cross-border transfers of personal data.
Bamigboye stated that preliminary findings indicate that Temu processes the personal information of about 12.7 million data subjects in Nigeria, while the platform records approximately 70 million daily active users globally.
He added that the commission warned that data processors who carry out processing activities on behalf of data controllers without verifying their compliance with the provisions of the NDPA could be held liable under the law.
“Findings from the investigation will be made public as it progresses,” he said.
Bamigboye reiterated the commission’s commitment to protecting the privacy rights of Nigerians and ensuring that organizations handling personal data operate within the framework of the country’s data protection regulations.
