The Temu Trap: Arkansas Lawsuit Alleges the App Lured Users into a Data Privacy Nightmare

Arkansas v. Temu: The Privacy Protection Battle

Arkansas's lawsuit against Temu, the Chinese e-commerce sensation, alleges appalling privacy abuses affecting millions of Americans. The case's outcome could dramatically reshape data rights and corporate accountability in the digital age.

July 1, 2024

The State of Arkansas recently filed a major lawsuit against Temu, the popular e-commerce platform, and its parent companies alleging egregious privacy violations and deceptive trade practices. This guide breaks down everything you need to know about the case from a legal perspective, including the parties, claims, laws, potential penalties and more.

With Temu exploding in popularity, attracting over 100 million app downloads in just nine months, the outcome of this high-stakes litigation could have profound impacts on consumers, data rights, and the e-commerce industry. Get up to speed on all the essential facts and issues.

1. Understand the Parties Involved

    • Plaintiff: The State of Arkansas, through Attorney General Tim Griffin, representing the interests of Arkansas consumers.
    • Defendant: PDD Holdings Inc., a multinational e-commerce company that was founded in China as Pinduoduo Inc. and recently moved its registered headquarters to Ireland.
    • Defendant: WhaleCo Inc., a Delaware corporation doing business as Temu, the fast-growing online marketplace at issue in the lawsuit.
    • Relationship: PDD Holdings owns and controls Temu through various subsidiaries and closely entwined corporate entities.
    • Jurisdiction: Arkansas state court, as the alleged harms and violations occurred through Temu’s substantial business activities in the state.


    • Pinduoduo was founded in 2015 by ex-Google engineer Colin Huang and has grown into one of China’s largest e-commerce platforms.
    • PDD Holdings launched Temu in the U.S. in 2022 as the overseas version of Pinduoduo, offering cheap unbranded Chinese goods.
    • Temu has enjoyed meteoric growth fueled by rock-bottom prices and massive ad campaigns, including multiple 2024 Super Bowl spots.
    • Amid rapid U.S. expansion, PDD Holdings recently changed its registered headquarters from Shanghai to Dublin.
    • The lawsuit alleges PDD and Temu operate as a single enterprise and that PDD directs and controls Temu’s activities.


    • Arkansas is taking on a tech behemoth that has enjoyed largely unchecked growth and access to millions of Americans’ personal data.
    • The relationship between Temu, PDD and China raises concerns about the Chinese government potentially accessing Americans’ private information.
    • PDD/Temu’s recent HQ move and corporate structure underscore the complexities of regulating multinational tech giants.
    • As a state AG, Tim Griffin has broad consumer protection authority to investigate and litigate on behalf of Arkansans.
    • With jurisdiction firmly in Arkansas court, the state can pursue strong remedies if violations of state law are proven.

Key Laws:

    • Arkansas Deceptive Trade Practices Act (ADTPA): Prohibits unfair, misleading and unconscionable business practices.
    • Arkansas Personal Information Protection Act (PIPA): Requires companies to safeguard Arkansas residents’ sensitive data.
    • Unjust Enrichment: A common law claim to recover ill-gotten gains from wrongful acts at others’ expense.

2. Recognize the Core Claims Against Temu

    • Deceptive App: Temu is actually malware designed to exfiltrate user data while masquerading as a shopping platform.
    • Undisclosed Tracking: The app collects vast troves of sensitive user information without consent, including contacts, messages, photos and precise GPS location.
    • Evasive Practices: Temu uses hidden code and dynamic permissions to avoid detection of its spying capabilities by users, researchers and app store reviewers.
    • False Statements: Temu makes misrepresentations about its data practices in its privacy policy, terms and public comments.
    • Sharing With China: Americans’ data is exposed to seizure by the Chinese government under laws compelling cooperation from entities like PDD/Temu.


    • The app has hidden tools to extract nearly all private data on a user’s device and perform malicious actions via remote triggers.
    • Temu seeks to access users’ photos, contacts, credit card info and real-time GPS location data, often without clear notice or consent.
    • Researchers found the app probes to see if a device has “root” access, which could enable Temu to secretly override user privacy settings.
    • Temu’s privacy policy claims it only collects “approximate” location, but forensics show it grabs precise GPS coordinates.
    • Chinese laws like the National Security Law compel all organizations and citizens to assist in state intelligence efforts.


    • Temu’s alleged data practices violate Arkansas residents’ privacy rights and autonomy over their personal information.
    • The deceptive conduct induces more downloads, which compounds the number of people exposed to data theft.
    • By dodging detection, Temu avoids scrutiny from users, app stores and regulators while continuing to amass data.
    • False statements prevent consumers from making fully informed choices about whether to use Temu and what data to share.
    • Exposing Arkansans’ private data to an adversarial government could enable surveillance, manipulation or other abuses.

Key Statutes:

    • ADTPA 4-88-107: Prohibits false representations, ad intent, exploitation, and unconscionable practices.
    • ADTPA 4-88-108: Bans concealment, suppression or omission of material facts meant to induce reliance.
    • PIPA 4-110-104: Requires businesses to implement reasonable security procedures to protect personal info.

3. Understand Separate Deceptive Trade Practice Claims

    • Product Misrepresentations: Falsely claiming Temu sells “the best products” from “world-class manufacturers” when goods are often low-quality and counterfeit.
    • Bait-and-Switch Pricing: Luring shoppers in with steep discounts from inflated “reference” prices that weren’t legitimate to begin with.
    • Fake Reviews: Paying users for positive reviews, skewing the ratings, and disguising negative reviews under 5-star labels.
    • Referral Spam: Incessantly pushing users to enroll their friends and bombarding shoppers who try to opt out of messages.
    • Targeted Marketing to Kids: Using animated ads, magic themes and young-looking influencers to appeal to children and entice them to make purchases.


    • Products arrive looking far different than the photos on Temu, and many blatant counterfeits like fake Air Jordans persist on the site.
    • Temu displays “slashed” prices to create a false sense of big savings, but the original prices cited were never truly offered.
    • Reviewers get free products and credits for 5-star write-ups, and some obviously negative reviews still get tagged as 5-stars.
    • Users who signed up keep getting spammed to recruit their contacts, even if they’ve deleted the app and tried to unsubscribe.
    • Temu’s “magic wand” Super Bowl ad featured a young female magically manifesting Temu goods for everyone she encountered.


    • Consumers are misled into thinking they’re getting amazing deals on top-notch goods, only to receive junk.
    • False discounts manipulate shoppers’ perceptions of the value they’re getting and their purchasing decisions.
    • Fake and incentivized reviews prevent consumers from getting accurate info to assess products and make informed choices.
    • Referral spam takes advantage of users’ connections to proliferate Temu signups and pressures people to spread the app.
    • Kid-friendly ads, goods and themes entice children who are more vulnerable to manipulation to use the app and spend money.

Key Statutes:

    • ADTPA 4-88-107(1): Bans false representations about product characteristics, ingredients, uses, benefits, alterations, etc.
    • ADTPA 4-88-107(3): Prohibits ad intent not to sell items as advertised, aka bait-and-switch.
    • ADTPA 4-88-107(10): Catch-all ban on any other unconscionable, false or deceptive practices.

4. Grasp the Potential Penalties & Remedies

    • Injunctions: Court orders prohibiting Temu from continuing its deceptive practices and requiring corrective actions.
    • Civil Penalties: Fines of up to $10,000 per violation of the ADTPA, which could add up given Temu’s millions of users.
    • Restitution: Refunds or monetary relief to Arkansas consumers to recoup their losses from Temu’s practices.
    • Disgorgement: Forfeiture of Temu’s ill-gotten gains and profits to prevent unjust enrichment at Arkansans’ expense.
    • Fees & Costs: Defendants may have to pay the state’s attorney fees and costs if Arkansas prevails.

Injunctive Relief:

    • Ban Temu from using deceptive interfaces that conceal its data collection or make it hard for users to reject permissions.
    • Prohibit false or misleading statements about Temu’s data practices in its policies, ads, website, app and other content.
    • Require Temu to disclose all data it has collected and shared about Arkansas users and give them the chance to delete it.
    • Order Temu to beef up its data security to prevent unauthorized access by the Chinese government or other third parties.
    • Mandate that Temu stop tactics like referral spam, fake reviews and bait-and-switch pricing that are found deceptive.

Monetary Relief:

    • Any user deceived into signing up for Temu due to misrepresentations about its data practices may be entitled to restitution.
    • Arkansans who bought shoddy goods based on inflated reference prices, fake reviews or false claims could get refunds.
    • Consumers plagued by referral spam texts and emails may have funds for their lost time and frustration pursuing remedies.
    • The state could disgorge Temu’s unjust profits from deceptive practices to deter misconduct and fund consumer programs.
    • If the state wins, Temu may owe civil penalties that grow with each user affected, plus the AG’s litigation expenses.

Bottom Line:

    • Arkansas can pursue powerful injunctive remedies to force Temu to reform its practices and protect consumers.
    • With millions of app installs, civil penalties alone could reach 9 or 10 figures at $10k per ADTPA violation.
    • Restitution, refunds and disgorgement aim to make Temu give up its ill-gotten gains and make duped users whole.

5. Consider the Implications for Consumers & the Industry

    • Stronger Data Rights: A win for Arkansas could force greater transparency and control over personal info for consumers.
    • Deterrent Effect: Steep fines and strict injunctions could make other apps clean up their data practices to avoid similar lawsuits.
    • Scrutiny of Chinese Ties: Attention on PDD/Temu’s China links may prompt closer oversight of how foreign entities handle U.S. data.
    • Fairness in E-Commerce: Reining in fake reviews, bait-and-switch, and spam could help level the playing field for sellers and shoppers.
    • Protecting Kids: Constraining kid-oriented marketing for adult platforms could safeguard children from exploitation and excess consumerism.

Potential Outcomes:

    • Court rulings or settlement terms could set standards for how clearly apps must disclose data practices to obtain consent.
    • Other states may piggyback on Arkansas’s case to multiply the liability Temu faces and make its reforms more far-reaching.
    • Federal lawmakers and regulators could seize on the case to push broader data privacy bills or investigate China ties.
    • E-commerce platforms may proactively prohibit tactics like review manipulation, list price inflation and referral spam.
    • More app stores and ad networks may restrict marketing to minors or require strict age checks to prevent youth targeting.

Obstacles & Limitations:

    • Temu may raise jurisdictional challenges, argue Chinese law controls, or use its complex corp. structure to evade liability.
    • Novel digital harms to privacy & autonomy can be hard to quantify vs. concrete monetary losses, potentially limiting damages.
    • With its deep pockets, Temu may aim to drag out litigation, drain state resources & push for a lowball settlement.
    • Temu’s partnerships with legit suppliers & its “zero tolerance” policies provide cover to claim it’s addressing issues.
    • Blurred lines between “kid-friendly” & “kid-targeted” marketing could limit remedies unless overtly youth-focused.

The Big Picture:

    • The Arkansas v. Temu case reflects escalating tensions over Big Tech’s data practices, foreign ties & effects on vulnerable users.
    • It tests the power of state AGs to take on tech giants engaging in deceptive trade practices that harm their citizens.
    • As a bellwether, it could accelerate legislative & regulatory action to rein in privacy abuses & level the e-commerce playing field.

Summary of Arkansas v. Temu Lawsuit

Robot in a city street with Temu and lawsuit signs

In a case with major implications for consumer data rights & e-commerce fairness, the State of Arkansas is taking on Chinese retail giant Temu for alleged privacy violations & deceptive practices impacting millions of Americans.

The Arkansas Attorney General’s lawsuit against Temu, Pinduoduo, and parent company PDD Holdings spotlights critical issues around data privacy, tech platform accountability, and the global reach of China’s corporate players. With Temu’s meteoric U.S. growth, the case outcome could have resounding impacts.

At its core, the state alleges Temu’s app is essentially malware designed to siphon users’ private data while masquerading as an e-commerce platform, and that its deceptive practices violate Arkansas’s strong consumer protection laws. Beyond statutory penalties, injunctions and damages, the suit’s broader goals appear to be forcing greater transparency around data practices, restraining abuses, and deterring other bad actors.

While Temu may have defenses, the lawsuit sends a clear signal that states aim to assert their authority to protect citizens’ digital rights and police the boundaries of fair commerce. The litigation bears close watching for the precedent it could set.

You Don’t Have to Face Legal Challenges Alone. LawInc Concierge is Here to Help – For Free.

Legal issues are stressful, whether you’re dealing with a privacy violation like in the Temu case, a personal challenge like a car accident or divorce, or any other legal matter. The process can feel overwhelming, and many people don’t know where to start or how to find the right attorney for their needs. That’s why we created LawInc Concierge – to provide free, personal guidance to anyone who needs it.

With a single call to LawInc Concierge, you’ll be connected with a concierge attorney who will listen to your situation, help you understand your rights, and match you with a vetted attorney who specializes in cases like yours. Our service is completely free and confidential, and we work with top-rated lawyers across all 50 states and every area of law.

Don’t spend another day feeling lost, alone, or powerless in the face of your legal challenges. You have an ally ready to guide you to the help you need.

Legal Help for all of your legal needs.

Contact LawInc 24/7 for legal help with any situation.

Your LawInc Concierge will facilitate your introduction to your new attorney and remain available to support you throughout your case. We’ll check in regularly to ensure you’re getting the help you need and that your case is progressing as it should. With LawInc Concierge, you’ll never feel lost or alone in the legal process.

Test Your Lawsuit Knowledge

Questions: Parties, Jurisdiction & Structure

    • 1. Who is the plaintiff in the lawsuit against Temu and PDD Holdings?
      • A) The federal government
      • B) A class of Temu users
      • C) The State of Arkansas
      • D) A competing e-commerce company
    • 2. Under what authority is Arkansas bringing the case?
      • A) Its power to conduct criminal prosecutions
      • B) Federal authorization to enforce U.S. law
      • C) The Attorney General’s consumer protection mandate
      • D) Citizen petition compelling the state to investigate
    • 3. Where was the case filed?
      • A) Federal district court
      • B) Arkansas state court
      • C) Irish commercial court
      • D) Chinese provincial court
    • 4. What is the relationship between the defendants Temu and PDD Holdings?
      • A) Competitors
      • B) Unrelated businesses
      • C) Parent and subsidiary
      • D) Joint venture partners
    • 5. Why did PDD Holdings recently move its headquarters from China to Ireland?
      • A) To access EU markets
      • B) Because of a Chinese government mandate
      • C) In response to employee preferences
      • D) Amid growing scrutiny of its Chinese ties

Answers: Parties, Jurisdiction & Structure

    • 1. C) The State of Arkansas, through Attorney General Tim Griffin, is the plaintiff suing PDD Holdings and its Temu subsidiary.
    • 2. C) AG Griffin is exercising his authority to bring consumer protection actions on behalf of the state and its citizens under Arkansas law.
    • 3. B) The lawsuit was filed in Arkansas state court, not federal court, and asserts violations of Arkansas law.
    • 4. C) PDD Holdings is the China-founded parent company that owns and controls Temu through a network of subsidiaries.
    • 5. D) PDD Holdings likely moved its HQ to Ireland in an effort to downplay its Chinese roots amid growing regulatory scrutiny and concern over its data practices and government ties.

Questions: Claims, Remedies & Implications

    • 1. What are the key allegations regarding Temu’s data practices?
      • A) Collecting user data without consent
      • B) Using hidden code to evade detection
      • C) Enabling access by the Chinese government
      • D) All of the above
    • 2. Which of the following is NOT an alleged deceptive trade practice cited in the lawsuit?
      • A) Selling counterfeit goods
      • B) Inflating reference prices
      • C) Violating import/export regulations
      • D) Manipulating reviews
    • 3. What main Arkansas laws does the state claim Temu violated?
      • A) Deceptive Trade Practices Act & Personal Information Protection Act
      • B) Consumer Product Safety Act & Uniform Commercial Code
      • C) Child Online Privacy Protection Act & Unfair Competition Law
      • D) Data Breach Notification Act & Fair Credit Reporting Act
    • 4. Which of the following remedies is Arkansas NOT seeking in the lawsuit?
      • A) Injunctions against continued violations
      • B) Civil penalties
      • C) Criminal fines and jail time for executives
      • D) Restitution for affected consumers
    • 5. How might the case impact the e-commerce and data privacy landscape if Arkansas prevails?
      • A) Push other states and Congress to investigate platforms’ data practices
      • B) Deter other apps and sites from using “dark patterns” and deceptive interfaces
      • C) Spur more robust disclosures about companies’ Chinese government ties
      • D) All of the above

Answers: Claims, Remedies & Implications

    • 1. D) The complaint asserts Temu collects user data without consent, uses evasive techniques to avoid detection, and enables the Chinese government to access the data, among other concerning practices.
    • 2. C) While the lawsuit alleges selling counterfeits, price inflation/bait-and-switch tactics and manipulating reviews, import/export violations are not a focus of the state’s deceptive trade practice claims.
    • 3. A) The core claims are brought under the Arkansas Deceptive Trade Practices Act for unfair and unconscionable business acts, and the Personal Information Protection Act for failure to safeguard user data.
    • 4. C) Arkansas is pursuing strong civil remedies like injunctions, penalties, restitution and disgorgement of Temu’s ill-gotten gains, but is not seeking criminal fines or executive imprisonment, which would fall outside the case’s consumer protection scope.
    • 5. D) A decisive win for Arkansas could spur Congressional and state action on Big Tech data abuses, deter the use of “dark patterns” and other deceptive practices, and increase scrutiny of Chinese players’ activities and required cooperation with China’s government.


This article discussing the Arkansas v. Temu/PDD Holdings lawsuit is provided for general informational and educational purposes only. The legal analysis is based on the writer’s review of the state’s complaint and other publicly available sources as of the publication date.

This content does not constitute formal legal advice and does not create an attorney-client relationship. Laws and case facts may evolve over time. For the most current information and counsel on how the lawsuit may impact your rights and interests, please consult a licensed attorney in your jurisdiction.

Also See

Algorithmic Anthem or Copyright Cacophony? The Billion Dollar Lawsuits That Could Silence AI’s Musical Revolution

Texas Widow Sues Mexican Resort Over Husband’s Hot Tub Electrocution Death

iDiscriminate? Unpacking the Explosive Gender Bias Lawsuit Against Tech Giant Apple