Temu hits back against slavery and data abuse accusations

Chinese e-commerce giant Temu has hit back at allegations that some of its products could be made with forced labour and that it is reckless or malicious with its users’ personal data.

The online store has taken South Africa by storm in the past few months, often topping the rankings on the Apple App Store and Google Play Store.

Its delivery partner – Buffalo Logistics — recently warned customers that their deliveries could be delayed due to overwhelming demand.

The company has seen similar rapid adoption in other countries — including the US — where lawmakers have warned consumers that its products are likely to have been sourced from a part of China where forced labour is common.

In a recent response to MyBroadband, Temu said it does not own any brands or manufacture items; it is simply a marketplace.

“Temu offers a huge range of products, and clothing is just one small part,” the company said. “Temu’s focus is on connecting buyers directly with manufacturers and sellers.”

The company said this approach cuts costs and helps to avoid overproduction compared to traditional stores.

“Claims that Temu’s competitive pricing is achieved through exploitative labour practices are unfounded.”

Temu said it was dedicated to upholding ethical labour practices.

“Temu’s standards and practices align with those of major e-commerce platforms, such as Amazon, eBay, and Etsy, rendering any allegations completely ungrounded,” Temu said.

“Our third-party code of conduct forbids any form of forced, child, or penal labour and requires adherence to all local labour laws, including those related to wages, working hours, voluntary employment, freedom of association, and the right to collective bargaining,”

“Temu demands strict compliance with all regulatory standards and reserves the right to sever ties with any business that breaches our code of conduct or the law.”

Code of conduct useless without audits — US lawmakers

While the existence of Temu’s code of conduct is common knowledge, the US House Select Committee on the Chinese Communist Party described these as “boilerplate terms and conditions” in a report published in June 2023.

The lawmakers said Temu did not “expressly prohibit” the sale of goods from the Xinjiang region, where the oppressed Uyghur people live, and that it did not conduct audits or have a compliance system for confirming workplace conditions at its suppliers.

National Review also recently reported that two US senators recently called on the Biden Administration to launch an investigation into Temu.

“Temu’s goods are cheap not because of fair competition, but rather because of China’s familiar combination of intellectual-property theft, government subsidies, and human rights abuses,” Republication senator Tom Cotton said.

“For example, Temu directly copies Amazon storefronts and then sells knock-off Chinese versions of the product at a deeply discounted rate. Temu also likely benefits from the use of slave labour,” he added.

Another major concern among some cybersecurity experts is the methods that Temu uses to collect users’ personal data.

The company told MyBroadband that protecting its users’ privacy was a core principle. “Temu is upfront about how it uses data to run its platform and improve the user’s experience,” it said.

Temu explained it collected the Temu collected the “minimum” amount of information necessary to:

• Manage and complete orders
• Deliver our services and process payments
• Communicate with the user about their orders, our products, and offers that might interest them
• Personalise the user’s shopping experience and make product recommendations

“Temu is transparent about the potential collection of data. If there’s a chance it might use the user’s information for a specific purpose, Temu will clearly inform them.

This aligns with the strict standards of app marketplaces like Apple’s App Store and Google Play.

For reference, the information that Temu collects about its customers includes:

• Name and surname
• Email address
• Phone number
• Shipping address
• Payment information
• Purchase history
• Profile photos
• Comments
• Promotional preferences
• Identity verification documents (if applicable)
• Device type,
• Operating system
• IP address
• Language settings
• Unique device identifiers.

Temu did not directly address allegations that it monitored people’s browsing habits and obtained other personal data via trackers in its apps and website.

Class-action lawsuits in Australia and the United States have referred to these trackers as “spyware” and “malware”.

It also did not respond directly to its parent, Pinduoduo, having its app removed from the Google Play Store after versions of it available from alternative sources on the web contained malware.

Before this action, the company faced allegations that it had a 100-person development team working on ways to exploit vulnerabilities in Android phones and that they were behind the versions with malicious software.

The malware reportedly allowed Pinduoduo to gain access to data from other apps on users’ phones, prevented them from uninstalling Pinduoduo, and bypassed Google Play’s update verification process.

While Temu denied these allegations, Pinduoduo reportedly shut down the team shortly after Google removed the app from its Play Store and transferred most of the exploit team to Temu.

The situation with Pinduoduo has some similarities with a court case against Facebook in which documents were recently unsealed.

According to the complaint, Facebook used a VPN service it had acquired, Onavo, to harvest analytics from rival apps and services such as Snapchat, YouTube and Amazon.

Onavo was eventually shut down by Meta in 2019 after TechCrunch exposed Facebook for secretly paying teenagers to spy on their web activity.