Arkansas AG Files Suit, Labels Temu a Data-Theft Business

Tim Griffin, Arkansas Attorney General, did not mince words when he filed a lawsuit against the parent companies of Temu, stating in a press release, Temu is not an online marketplace like Amazon or Walmart. It is a data-theft business that sells goods online as a means to an end.” He further commented that, “…Temu is functionally malware and spyware.” The 51-page complaint was filed against WhaleCo. Inc. d/b/a Temu, and its owner, Chinese e-commerce company PDD Holdings Inc. Like General Griffin’s press release, the complaint leaves little to the imagination about the state’s feelings toward the popular online shopping platform, which, according to the complaint, was the most downloaded app in the United States in 2023 and is responsible for tens of millions of shipments into the country each year.

Arkansas brought the action pursuant to the Arkansas Deceptive Trade Practices Act (ADTPA), which prohibits deceptive and unconscionable business practices, and the Arkansas Personal Information Protection Act (PIPA), which requires businesses protect data concerning Arkansas residents with reasonable security practices. Numerous allegations by the state against Temu regarding app user personal information include that it is:

  • Using the inducement of low-cost Chinese-made goods to lure users into unknowingly providing near-limitless access to their PII,
  • Misleading users regarding how it uses their data,
  • Not allowing users to avoid being tracked on the internet,
  • Collecting virtually limitless amounts of data, and in addition to Bluetooth and Wi-Fi access, gaining full access to user contacts, calendars, and photo albums, plus all social media accounts, chats, and texts,
  • Gaining permission from user devices upon app installation to subsequently install any further program it wishes without user knowledge or control,
  • Obtaining personal information in a way that is purposely secretive and intentionally designed to avoid detection,
  • Providing or selling user data to unauthorized third parties or using user data in a way that users did not authorize,
  • Potentially harvesting data of non-users who have communicated with users, and
  • Subjecting user data to misappropriation by Chinese authorities.

The state cites reports and third-party research throughout its complaint to support its claims against Temu. Temu, in response, said the company was surprised and disappointed” by General Griffin filing the lawsuit without what the company called any independent fact finding.”

In addition to the allegations regarding privacy harms of the app, the state claims defendants make deceptive representations about the quality of the goods sold, which it says are frequently counterfeit, and that users experience undelivered packages and poor customer service. The state further claims Temu uses false-reference pricing,” in which a retailer represents to a prospective customer that a product is on sale at a steep discount when the discounted price” is the product’s regular market price. The state’s allegations against Temu also include the use of fake and deceptive reviews, a concern to many AGs, and the claim that Temu failed to take adequate measures to protect minors, among others.

The state requests the court preliminarily and permanently enjoin defendants from treating Arkansas consumers unlawfully, unconscionably, and deceptively as described in the complaint, plus requests civil penalties and other monetary and equitable relief. Temu said, We categorically deny the allegations and will vigorously defend ourselves.”

Arkansas is not the only state concerned about Temu’s practices. In 2023, Montana banned the download of the Temu app (and a handful of other apps) on devices issued by the state or connected to the state network based on its affiliation with foreign adversaries. The state also banned third-party firms conducting business for or on behalf of the state of Montana from using Temu and the other apps in question.

This action demonstrates the breadth of authority provided to state AGs, especially related to consumer protection. AGs routinely use UDAP laws to bring expansive matters, which can evolve from looking at one issue into many. Here, while there is much attention to the allegations related to Temu’s data collection and security practices, the other general UDAP violations on the quality of products and fake reviews show how multiple areas of misconduct claims will be addressed by AGs. All of these areas continue to be a hot topic for state AGs, as are companies with foreign affiliations thought of as problematic. As we have discussed many times before, the AGs often work together in their missions to protect consumers; only time will tell if more AGs follow with complaints against the popular shopping app.