CHINESE-based electronic commerce firm with global reach, Temu has responded to allegations of violation of data breaches in Nigeria.

The eCommerce firm confirmed receipt of the NDPC inquiry and is actively engaging with the Commission.
Recall that on Monday, the Nigeria Data Protection Commission (NDPC) said it has launched an investigation into alleged data violation by Temu in Nigeria.

National Commissioner/CEO, Dr Vincent Olatunji, ordered the immediate investigation, stressing that data processing activities of Temu, may be in violation of the NDP Act.

But in a statement made available to The Guardian through its agency, Tuesday, the embattled firm said: “At Temu, protecting user privacy and data security is a top priority.

We are committed to complying with applicable laws and regulations in our data practices. We will continue to engage in open and constructive dialogue with the NDPC to address any questions or concerns.”

In Monday’s NDPC notice, the Commission claimed that the investigation of Temu was triggered by concerns around online surveillance through personal data processing, accountability, data minimisation requirement, transparency, duty of care and cross-border data transfer.

Preliminary investigations indicated that Temu is an e-commerce platform, which processes personal information of approximately 12.7 million data subjects in Nigeria with 70 million daily active users globally.

A statement signed by NDPC Head, Legal, Enforcement & Regulations, Babatunde Bamigboye, noted that the National Commissioner warned that processors, who engage in processing activities on behalf of data controllers without verifying their compliance with the NDP Act may be liable under the NDP Act.

Prior to Monday’s reaction, that there have been rising cases of data breaches by organization and this has gotten the attention of data regulator in the country.

In August 2025, NDPC launched a sector-wide investigation into 1,369 organisations suspected of flouting provisions of the Nigeria Data Protection Act (NDPA) 2023.

According to the Commission, the probe targets companies in sensitive industries such as banking, insurance, pensions, gaming, and insurance brokerage.

The Commission also gave the companies, which included 795 financial institutions, 21 days to submit evidence of compliance with the NDPA or face sanctions.

The list of the companies published by the Commission at the time also included 392 insurance broker firms, 35 insurance companies, 10 pension companies, and 136 gaming companies.