The Nigeria Data Protection Commission (NDPC) has initiated an official investigation against the e-commerce platform Temu. The investigation focuses on its data handling practices for approximately 12.7 million users in the country. Possible failures in transparency, data minimization, and international transfers without adequate safeguards are being examined. Temu has stated that it will cooperate with the authorities.
The Technical Challenge of Data Minimization and Cross-Border Data Transfers 🌐
The case highlights two key technical requirements of the 2023 Law: data minimization and cross-border transfers. Data minimization requires that only strictly necessary data be collected, a principle that the NDPC suspects Temu may not comply with. Additionally, transferring personal data outside Nigeria requires specific safeguards, such as standard contractual clauses or adequacy certifications, to maintain the level of protection. The commission also warns about the liability of data processors who do not verify compliance.
Your Personal Data: The Star Product with Free Shipping to... Who Knows Where? 📦
It seems that on some platforms, by clicking buy, you not only acquire a product, but also give away a premium package of your personal information to an unknown destination. The Nigerian investigation suggests that the most interesting tracking is not that of the physical package, but the journey of your data through servers around the world. A lesson for the user: sometimes the most expensive deal is the one that doesn't appear on the receipt.