Temu Is A 'Data-Theft' Biz And Not Marketplace, Ark. AG Says

By Rae Ann Varona


Law360 (June 25, 2024, 10:44 PM EDT) -- App-based online shopping platform Temu is in reality "dangerous malware" that can override phone privacy settings and collect sensitive user information, according to a "first-of-its-kind" state lawsuit by Arkansas alleging deceptive trade practices and privacy violations.


In a 51-page complaint filed in state court, Arkansas Attorney General Tim Griffin says the Temu app is purposely designed to sneak into its users' phone operating systems, gaining access to users' cameras, microphones, contacts and real-time location with an accuracy of at least 10 feet. Even those who don't sign up for the platform risk having their data collected just by emailing or texting Temu users, Griffin said.


"Temu not only seeks a breathtaking array of sensitive data — well beyond what would be necessary or even justifiable for a shopping app — but it does so in a way that is purposely secretive and intentionally designed to avoid detection," Griffin said in the complaint. The lawsuit targets Boston-based WhaleCo Inc., which according to the complaint does business as Temu, and its Ireland-based owner, PDD Holdings Inc. Griffin said in a statement that his lawsuit is the "first-of-its-kind" state suit against the companies alleging violations of the Arkansas Deceptive Trade Practices Act and Arkansas Personal Information Protection Act.


Temu, he said, "is not an online marketplace like Amazon or Walmart" but a "data-theft business that sells goods online as a means to an end." In the complaint, Griffin said that PDD Holdings, formerly known as Pinduoduo Inc., was founded in 2015 in China by a former Google employee but moved its principal executive offices from Shanghai to Dublin in February 2023. He said that ever since PDD Holdings and WhaleCo launched Temu in 2022, the shopping application and website's popularity has skyrocketed in the U.S., partly due to an "aggressive" multibillion-dollar marketing campaign, which included advertisements aired during the 2024 Super Bowl.


Temu was also the most downloaded app in the U.S. in 2023 and had users spending nearly double the amount of time browsing its products than on Amazon, Griffin said. But the shopping platform is "more than an e-commerce juggernaut," the lawsuit asserts, noting that Apple temporarily suspended Temu from its app store last year for misrepresentations concerning the type of data the platform accesses or collects from users.


The state of Montana also recently banned Temu and other apps tied to China in the name of national security, the suit states. There was also a letter the House Committee on Energy and Commerce sent to WhaleCo in December seeking information concerning Temu's data collection practices. The lawsuit said the Temu app was designed to get unrestricted access to users' phones, including by checking a user's device for "root" access, or a device's highest level of access. Griffin said that with root access, the Temu app can "theoretically control or even disable" a device and have "file writing permissions without the user's knowledge or consent."


Griffin alleged that the Temu app tries to hide its behaviors so that it can secretively access sensitive personally identifiable information, or PII. The app sometimes, for instance, nudges users to provide their "precise" location versus their approximate location without explaining why it needs the data, he said. "Location data, either standing alone, or combined with other information, exposes deeply private and personal information about Temu users' health, religion, politics, and intimate relationships," Griffin said.


When it comes to allegations that Temu utilizes deceptive trade practices, Griffin said the platform uses "wildly successful" tactics to induce users to sign up, like pop-ups with wheels to spin for discounts, tokens and countdown clocks. He says Temu also offers credits and free items to users who get their friends to sign up. It also uses online influencers to lure in new users "on an even larger scale," he said.


Temu's representations as to the quality of the products it sells are also deceptive, Griffin alleges, noting that the Better Business Bureau alone has received hundreds of complaints in the past year, resulting in Temu getting a 2.1 out of 5-star rating. The lawsuit, which seeks injunctive relief and civil penalties, also asks the court to declare the companies were unjustly enriched, stating that the companies have realized billions of dollars in revenues and profits through harvesting, using and monetizing the personally identifiable information of Arkansas residents.


A Temu spokesperson told Law360 on Wednesday that they are "surprised and disappointed" that Griffin's office filed the lawsuit "without any independent fact-finding." "The allegations in the lawsuit are based on misinformation circulated online, primarily from a short-seller, and are totally unfounded," the spokesperson said. "We categorically deny the allegations and will vigorously defend ourselves." The spokesperson said that they are also "committed to the long-term and believe that scrutiny will ultimately benefit our development."


PDD Holdings did not respond to a request for comment. Arkansas is represented by Tim Griffin, Charles J. Harder, Matthew M. Ford and Brittany Edwards of the Arkansas Attorney General's Office, Philip D. Carlson, Brian E. McMath and Brian L. Moore of Nachawati Law Group, and David F. Slade of Wade Kilpela Slade. Counsel information for PDD Holdings and WhaleCo was not immediately available.


The case is State of Arkansas v. PDD Holdings Inc. et al., in the Cleburne County Circuit Court.


--Additional reporting by Allison Grande. Editing by Michael Watanabe.


 Update: This story has been updated to add a comment from Temu.


All Content © 2003-2025, Portfolio Media, Inc