How Global Regulators Are Catching Up With Temu

Image: Temu

Law

How Global Regulators Are Catching Up With Temu

Temu is increasingly coming under the microscope of regulators, lawmakers, and consumer plaintiffs, all of which are focusing on the workings of its quickly-growing e-commerce platform. Just this week, the state of Arkansas added itself to the pool of parties that have taken ...

June 28, 2024 - By Aaron West

How Global Regulators Are Catching Up With Temu

Image : Temu

key points

Scrutiny over Temu’s data collection practices has been growing, with lawmakers and regulators around the world taking a closer look at the company’s online operations.

The state of Arkansas' lawsuit is the most recent one to be filed against Temu over its data collection practices, and the first to be filed by a state.

The new lawsuit comes less than a year after two class actions were filed against Temu over the same allegations, along with a number of government inquiries and security expert investigations.

Case Documentation

How Global Regulators Are Catching Up With Temu

Temu is increasingly coming under the microscope of regulators, lawmakers, and consumer plaintiffs, all of which are focusing on the workings of its quickly-growing e-commerce platform. Just this week, the state of Arkansas added itself to the pool of parties that have taken action against Temu, alleging in a newly-filed complaint that the China-founded, Boston-based retailer is utilizing nefarious means to gain access to the private information of consumers who use its shopping app. While the array of complaints and inquiries that Temu is facing – which range from class action cases to a Better Business Bureau warning – may originate from different sources, one thing is clear: Temu’s operations are no longer flying under the radar. 

As Arkansas Attorney General Tim Griffin alleges in the state’s lawsuit against Temu and its parent company PDD Holdings, which was filed with the Cleburne County Circuit Court on June 25, Temu’s online shopping platform “is purposefully designed to gain unrestricted access to a user’s phone operating system,” including a user’s camera, location, contacts, text messages, and apps. The state’s complaint goes on to claim that Temu’s “excessive, unjustifiable, and hidden” data collection practices violate the Arkansas Deceptive Trade Practices Act and the Arkansas Personal Information Protection Act at the expense of users who live in the state.

“Though it is known as an e-commerce platform, Temu is functionally malware and spyware,” Griffin said in a statement in connection with the suit, asserting that Temu’s app, which launched in the U.S. in 2022, “can override data privacy settings on users’ devices, and it monetizes this unauthorized collection of data.”

The state – which is seeking a $10,000 penalty for each violation of its trade practices and personal information acts, along with other damages and remedies – highlights dozens of examples to back up its allegations. For instance, Griffin maintains that in 2023, both Apple and Google suspended Temu’s apps from their app stores due to malware and data collection concerns. He also points to research that describes Temu’s app as “the most dangerous malware/spyware package currently in widespread circulation,” among other heavy criticisms.

Meanwhile, a Temu spokesperson said in an emailed statement to The Fashion Law on Thursday that Temu was surprised and disappointed by the new lawsuit, adding that the company categorically denies the allegations, which it said are “based on misinformation circulated online.”

“We are committed to the long-term and believe that scrutiny will ultimately benefit our development,” the company said in the email. “We are confident that our actions and contributions to the community will speak for themselves over time.”

TLDR: “While this is the first state lawsuit against Temu over its deceptive trade practices, it is not the first time Temu’s tactics have been called into question,” Griffin said.

A Growing Number of Domestic Actions

Arkansas’ lawsuit comes less than a year after the filing of two federal class action complaints that make similar claims against Temu. The class action suits, which were filed in the U.S. District Court for the Northern District of Illinois and the U.S. District Court for the Eastern District of New York in November and September 2023, respectively, allege that the retail titan failed to secure customers’ personal and financial data, and misled consumers about the scope and reach of its data access.

Like Arkansas’ complaint, the pair of proposed class actions, brought by users who downloaded the Temu app in New York, Illinois and California, allege that the company has engaged in a scheme of malicious data privacy invasion. For instance, the plaintiffs in the New York suit allege that Temu has “secretly and invasively amassed massive amounts of extremely private information and data about its users by tracking their activity on third-party websites.” Meanwhile, the Illinois lawsuit describes Temu’s app as being “purposefully and intentionally loaded with tools to execute virulent and dangerous malware and spyware activities” on users’ phones, and more broadly, characterizes the company’s app as “an urgent security threat to U.S. national security interests.”

Not limited to consumer plaintiff-initiated actions, a U.S. Congressional body launched its own probe into Temu’s practices late last year. In a December 20 letter to the president of Temu’s parent company, Qin Sun, the House Committee on Energy and Commerce requested the company answer questions about its “lax data security practices or backdoors to access user information” and the national security risks associated with them. The Committee also called on Temu to address concerns about forced labor in its supply chain.

Four months after the Committee sent its headline-making letter to Temu, the U.S.-China Economic and Security Review Commission issued a report that echoed many of the same concerns, specifically targeting Temu’s (and rival Shein’s) business practices and corresponding cybersecurity risks. 

“The U.S. government should be vigilant in ensuring that these firms adhere to U.S. laws and regulations and are not granted unfair advantages over U.S. firms,” the U.S.-China Economic and Security Review Commission’s report states. It goes on to raise questions about Temu’s potential violations of domestic intellectual property laws, among other issues, and to encourage lawmakers to consider creating new policies to address the rapid rise and alleged wrongdoings associated with the likes of Temu and its rivals.

Attention on an International Scale

Not limited to domestic actions, Temu is also grappling with regulatory scrutiny on an international scale. This week, for example, officials in Indonesia said that the company’s business model of selling directly to consumers violates the country’s domestic regulations that require foreign entities to sell to consumers by way of a local distributor or intermediary. Meanwhile, the Korea Times reported on Wednesday that the Fair Trade Commission in South Korea is investigating Temu for “inappropriate sales activities.” 

Still yet, in the European Union, officials announced in May that as a Very Large Online Platform (“VLOP”) under the EU’s Digital Services Act (“DSA”), Temu will be regulated under its strictest digital rules, which require it to address risks like “the listing and sale of counterfeit goods, unsafe products, and items that infringe on intellectual property rights.” Temu’s designation as a VLOP comes after an EU consumer interest-focused organization lodged a complaint with the European Commission, in which it argued that the “booming Chinese online marketplace” is “failing to protect consumers” and “using manipulative practices that are illegal” under the DSA. 

Taken as a whole, the recent regulatory and legal actions that Temu has begun to face as it gains traction around the world illustrate how regulators both in the U.S. and abroad are beginning to pay close attention to the company’s actions. As Temu attempts to reach new markets – and new regulations and policies are created to police it – the scrutiny is likely to only expand with it.

The case is State of Arkansas v. PDD Holdings Inc., F/K/A Pinduoduo Inc.; and Whaleco Inc. D/B/A Temu, 12CV-24-19 (Circuit Court of Cleburne County, Arkansas)

related articles