The State of Arkansas has filed a significant lawsuit against the Chinese e-commerce platform Temu, accusing it of severe privacy violations and deceptive trade practices. The lawsuit, spearheaded by Arkansas Attorney General Tim Griffin, was filed in Cleburne County Circuit Court on July 1, 2024. It alleges that Temu, which is owned by the multinational company PDD Holdings Inc., illegally accessed and exploited the personal data of millions of Americans, including Arkansas residents.
The core accusations against Temu include it operating as malware disguised as a shopping app to exfiltrate user data without their consent. Specific claims highlight that the app collects sensitive information such as contacts, messages, photos, and precise GPS location. Moreover, Temu is accused of utilizing hidden code to avoid detection, making false statements about its data policies, and potentially exposing American data to the Chinese government due to PDD Holdings' ties to China.
Temu has firmly denied these allegations, labeling them unfounded and based on misinformation propagated online, particularly by a short-seller. A Temu spokesperson, speaking with Ars Technica, asserted that the claims are "totally unfounded."
The lawsuit also tackles numerous deceptive trade practices beyond the alleged privacy violations. These include misleading advertisements claiming high-quality products when users often receive substandard or counterfeit items, bait-and-switch pricing tactics, fake reviews incentivized by the platform, and aggressive referral spam pushing users to recruit others.
Should the state succeed in proving its case, Temu could face steep penalties, including civil fines up to $10,000 per violation under the Arkansas Deceptive Trade Practices Act (ADTPA), restitution for consumers, and disgorgement of ill-gotten gains. The state seeks to impose injunctions that would force Temu to reform its practices, enhance its data security, and cease deceptive marketing strategies.
A win for Arkansas could significantly bolster data privacy rights for consumers, setting a precedent for transparency and control over personal information. This case might also deter other tech companies, compelling them to clean up their data practices to avoid similar legal actions. Additionally, it could prompt closer scrutiny of foreign entities handling U.S. data, particularly concerning potential Chinese government surveillance.
