Temu under Nigeria’s eagle watch after $3m penalties across three continents

Less than a year after paying nearly $3 million in penalties across Asia and North America, and while facing potentially steeper sanctions in Europe, Chinese e-commerce giant Temu has come under formal investigation in Nigeria, placing Africa’s largest consumer market firmly on its expanding compliance map.

Nigeria’s National Data Protection Commission (NDPC) this week ordered an immediate probe into Temu’s data-processing activities, citing possible breaches of the Nigeria Data Protection Act (NDPA) 2023.

The regulator flagged six areas of concern: online surveillance through personal data processing, accountability gaps, data minimisation, transparency, duty of care, and cross-border transfer of personal data.

Preliminary findings suggest Temu processes the personal information of about 12.7 million Nigerian users, part of a global base of roughly 70 million daily active users. For regulators, the scale alone raises the stakes.

Read more: NDPC launches probe into Temu over alleged data protection breach

A pattern of regulatory friction

Nigeria’s move does not come in isolation. In May 2025, South Korea’s Personal Information Protection Commission fined Temu approximately $978,000 over undisclosed cross-border data transfers and governance failures, including inadequate oversight of third-party processors and failure to appoint a local representative.

Four months later, the U.S. Federal Trade Commission imposed a $2 million civil penalty, the first enforcement action under the INFORM Consumers Act, accusing the platform of failing to provide consumers with clear information about high-volume third-party sellers and insufficient reporting channels for suspicious or counterfeit goods.

In Europe, scrutiny is intensifying. The European Commission in July 2025 issued preliminary findings that Temu may have breached the Digital Services Act by failing to properly assess and mitigate risks linked to illegal or counterfeit products. If confirmed, fines could reach up to six percent of global annual turnover, potentially far exceeding penalties already paid.

Taken together, the confirmed sanctions total roughly $3 million. But the reputational cost and the looming European exposure may prove far greater.

Read more: Chams Holding floats ChamsCorp Plc to drive AI, data centre, digital device push

Why Nigeria matters

Nigeria’s investigation signals more than regulatory housekeeping. With over 12 million users in Africa’s most populous nation, Temu’s operations sit at the intersection of consumer demand, digital sovereignty and cross-border data governance.

The NDPC has in recent years sharpened its enforcement posture. In 2025, it imposed a N766 million fine on MultiChoice for data protection violations, underscoring that penalties are no longer theoretical.

Vincent Olatunji, NDPC national commissioner has warned that organisations found in violation will face sanctions, and that data processors acting on behalf of controllers may also be liable if they fail to verify compliance.

For Temu, the scrutiny comes at a time when its ultra-low-price, high-volume marketplace model is expanding aggressively into emerging markets. That rapid growth, powered by algorithmic recommendations and gamified engagement, has drawn attention from regulators concerned about opaque data flows and platform accountability.

Cross-border data at the core

A central question for Nigerian authorities will likely revolve around cross-border data transfers. Regulators globally have raised concerns about user data flowing to servers in China and other jurisdictions without sufficient transparency or safeguards.

South Korea’s penalty focused heavily on undisclosed overseas transfers. Nigeria’s NDPC has now identified similar cross-border concerns among its priority review areas. The parallel is unlikely to be accidental.

In a continent increasingly focused on data localisation and sovereignty, the handling of personal information has become both a commercial and geopolitical issue. Platforms operating at scale can no longer assume regulatory leniency in emerging markets.

Temu’s response

In a statement provided to Nigerian authorities and the media, Temu said it places user privacy and data security at the forefront of its operations and remains committed to complying with applicable laws. The company pledged to engage constructively with the NDPC to address any questions or concerns.

For now, the commission has not announced a timeline for concluding its probe.

A broader signal

Nigeria’s action underscores a shifting dynamic in global tech oversight. Enforcement is no longer confined to Washington, Brussels or Seoul. African regulators are increasingly asserting their authority over multinational digital platforms that operate within their borders.

Temu’s challenge is no longer limited to absorbing fines; it must demonstrate that its compliance systems can keep pace with its global expansion. Each new market brings new legal obligations and fewer excuses for missteps already identified elsewhere.

Whether the Nigerian investigation results in sanctions or serves as an opportunity for corrective reform remains to be seen. What is clear, however, is that Temu’s rapid rise has placed it under a widening regulatory spotlight and Nigeria is now part of that watchful circle.

Royal Ibeh is a senior journalist with years of experience reporting on Nigeria’s technology and health sectors. She currently covers the Technology and Health beats for BusinessDay newspaper, where she writes in-depth stories on digital innovation, telecom infrastructure, healthcare systems, and public health policies.

Join BusinessDay whatsapp Channel, to stay up to date