Arkansas AG Alleges Temu Uses E-Commerce App for Unlawful Data Access

  • Arkansas AG Tim Griffin has filed a lawsuit against PDD Holdings Inc. and WhaleCo Inc., d/b/a Temu, alleging that Temu’s popular online shopping app operates as malware that is designed to gain unauthorized access to users’ data in violation of the state’s Deceptive Trade Practices Act and the Personal Information Protection Act.
  • According to the complaint, Temu’s app is designed to surreptitiously gain unrestricted access to a user’s phone operating system—including camera, microphone, geolocation data, contacts, calendars, text messages, documents, and other applications—and collects far more sensitive user data than is necessary for the purpose of online shopping, including for users who are minors.  AG Griffin also alleges that Temu’s privacy policy fails to adequately disclose the scope of access and data collected, that user data is then subject to use by the Chinese government, and that the company utilizes a number of other deceptive practices such as false discounts, sign-up scams, fake reviews, and gamification, among other things.
  • The lawsuit seeks declaratory and injunctive relief, civil penalties, and other relief.