Temu Lawsuits Allege App Invades Privacy & Exposes Data 2024

The current Temu lawsuits allege the app violates user privacy, exposes sensitive financial information to data breaches and is a national security threat.

Reviewed By Adam Ramirez, J.D.


Read in 5 mins
Temu Lawsuits Allege App Invades Privacy & Exposes Data 2024


  • Temu is accused of exposing user data and financial information
  • Lawsuits allege the app violates privacy laws and installs spyware on devices

If you use social media, you've probably seen ads for Temu. Since its launch in 2022, the Chinese discount retailer has enticed over 100 million users. Many of these users have installed the free mobile app, which makes shopping for clothing, household goods and other items easier. Two class-action lawsuits allege the app also makes it easier for criminals to access user data, financial information, and sensitive material.

Do I Qualify for

Accident Compensation?
Free Case Review

What Are the Lawsuits Against Temu About?

Previous lawsuits against Temu have revolved around the quality and safety of their products. Two recently-filed federal lawsuits contain allegations raising serious privacy concerns and questioning the security of user data.

  • Eric Hu, on behalf of himself and others similarly situated v. WhaleCo, Inc. d/b/a Temu was filed on September 20, 2023, in the U.S. District Court for the Eastern District of New York.
  • Jehan Ziboukh, et al., on behalf of themselves and all others similarly situated v. WhaleCo, Inc. d/b/a Temu and PDD Holdings, Inc. f/k/a Pinduoduo Inc. was filed on November 3, 2023, in the U.S. District Court for the Northern District of Illinois.

Both cases allege that the shopping app violates state and federal privacy laws and consumer protection laws. They allege Temu intentionally concealed the app’s malicious intent and invasiveness and engaged in other deceptive consumer practices.

What Are the Claims in the New York-based Lawsuit Against Temu?

The proposed New York class action alleges that Temu violated federal law by:

  • Failing to secure its users' personal data, including their identities, locations, financial information and biometrics data (fingerprints), exposing them to data breaches
  • Knowingly failing to abide by industry safety standards and security measures
  • Tracking its users browsing activity and communications in violation of the federal Wiretap Act (18 U.S.C. §2511)
  • Violating the Electronic Communications Privacy Act (18 U.S.C. §2510 et seq.)
  • Violating the Computer Fraud and Abuse Act (18 U.S.C. §1030 et seq.)
  • Violating New York State consumer fraud protections

The Complaint alleges that Temu's mobile app installs "spyware" software on users' devices that circumvents the device's malware detection capabilities. This allows the Temu app to access all of the data and functionalities of the device. Not only can the app access the pictures, passwords and files stored on or accessed by the device, but it can also spy on a user in real time.

In addition to nefariously obtaining this overbroad collection of data, Temu fails to secure or safeguard it from outside threats. Unprotected data exposes users to identity theft, data breaches and financial exploitation. Once that information is available to potential thieves, the risk of fraudulent use continues indefinitely.

Even more unsettlingly, Temu's conduct threatens our national security. China's Cybersecurity Law obligates Critical Information Infrastructure (CII) operators to provide the government with unobstructed access to their data. This could give the Chinese government access to a staggering amount of sensitive information on devices used by U.S. government officials, members of the military and ordinary citizens.

What Are the Claims in the Illinois-Based Lawsuit Against Temu?

The proposed Illinois class action is substantially similar to the New York action. It alleges that Temu violated federal law by:

  • Collecting excessive personal data from its users ("literally everything on your phone")
  • Failing to obtain proper user consent by misleading users
  • Utilizing deceptive practices to maximize its access to user data
  • Making user data vulnerable to misappropriation by Chinese authorities

It also asserts other claims based on state laws, because the plaintiffs representing the class are from Illinois, California, Massachusetts and Virginia. These include claims for violating Massachusetts' right to privacy law (Mass. Gen. Laws Ch. 214, § 1B) and Illinois's Biometric Information Privacy Act (740 ILCS 14/1, et seq.).

The significant difference is that the Illinois lawsuit names Temu's Chinese parent company as a defendant, alleging that PDD Holdings, Inc. directly controls Temu's operations.

Temu Class Action Lawsuit Update

Thousands of lawsuits are filed in the U.S. every year. When many similar cases are filed, the court may allow them to proceed as a class action lawsuit. Only a single person or small group of plaintiffs is directly involved in the court case, but any judgment or settlement will apply to everyone else who suffered similar harm. Right now, both cases have asked for class certification but have not yet gotten the green light to proceed as such.

Temu petitioned the New York court to dismiss the case, citing a provision in the app's user agreement that all claims must be settled in arbitration. This would end the New York class action. Users would be able to individually arbitrate claims against the company, but the expense and difficulty of this process would discourage many from going forward. Plaintiffs are in the process of amending their complaint, so this issue remains unresolved.

The Illinois case may have a better chance of surviving a similar motion because it names Temu's parent company, PDD Holdings, Inc. Attorneys for the potential class will argue that users did not enter into any agreements with PDD Holdings, Inc. and should not be forced to arbitrate their claims.

If either case survives the motion to dismiss, the parties will begin discovery and move towards trial. Meanwhile, a Congressional representative from Florida has called on the Federal Trade Commission (FTC) to investigate Temu's ties with the Chinese Communist Party. On April 14, 2024, the U.S.-China Economic and Security Review Commission released a brief outlining numerous concerns about the company and recommending Congress take immediate action.

Jamie Pfeiffer, J.D.'s profile picture

Jamie Pfeiffer, J.D.


She writes accessible, engaging content to demystify everyday legal issues for all readers and is passionate about food, wine, and travel.

Frequently Asked Questions

  • Malware and spyware in the Temu app may allow it to access everything stored on your phone (images, videos, passwords, financial information, etc.), real-time audio and video data, location information and communications. Misuse of this data can lead to identity theft and financial losses for users. It also poses national security risks if the Chinese government can access millions of Americans' sensitive data.

  • Yes. Although Temu claims they have taken steps to protect user data, the number of reported concerns and the potential dangers weigh against using the app. In addition to deleting the app, you may want to take additional steps to ensure its malware and spyware don't linger on your device. Consult with a cell phone technician about the security measures you can take to make sure your phone is 100% free of any lasting effects.

  • Probably not. Using Temu allows the app to access sensitive personal and financial information, which may not be secure from hackers and data breaches. In addition to issues with the app itself, the Better Business Bureau has fielded hundreds of complaints related to the safety of the products sold on the app.

Stay up to date

Get updates on all of our legal news on lawsuits, research and legal updates.