In the dark comedy musical “Little Shop of Horrors,” a hapless florist shop worker Seymour discovers and raises an exotic plant which he names Audrey II. The plant has a unique appetite for human blood and begins to grow rapidly as Seymour feeds it. As Audrey II grows, it brings fame and fortune to Seymour, but it also demands more and more blood, leading to moral dilemmas and consequences. Ultimately, the monstrous plant becomes uncontrollable, reaches explosive growth, and successfully takes over the world, with multiple plants appearing in various locations and causing chaos. The film ends with a shot of Audrey II’s vines covering the cityscape, suggesting the plant’s world conquest and the potential destruction of humanity.
What if our top-downloaded shopping app, Temu, is our modern-day Audrey II? Temu is experiencing explosive growth in various locations, fueled by millions of Seymours – or users – worldwide. However, unlike Audrey II, which feeds on human blood, Temu thrives on our data. It is not just the Big Tech giants like Google, Instagram, Facebook, YouTube, and TikTok that have enormous power to shape our unconscious habits by collecting and manipulating user data to program us on a deeper level. Clothing e-commerce platforms, like those in the tech industry, are designed to be as addictive and revealing about ourselves. The more we shop, the larger the data set; the greater the insights about consumers, the bigger the corporation becomes.
In our context, the potential destruction of humanity may take on a different meaning. It can signify the erosion of what makes us human – our freedoms and autonomy. Put simply, the destruction of humanity equates to the invasion of our ownership rights to our Personally Identifiable Information (PII).[i] The unchecked power wielded by companies over our PII threatens these core aspects, potentially undermining the very fabric of who we are. If left unregulated, this infringement upon our privacy could prove as devastating as Audrey II, consuming our data to grow uncontrollably and exert dominance over our lives.
In the realm of fashion law, the emergence of digital platforms like Temu raises significant legal considerations regarding consumer privacy, data protection, and ethical business practices. As fashion retailers increasingly adopt e-commerce and digital marketing strategies, it is imperative for legal frameworks to swiftly adapt to these rapidly evolving technological landscapes, safeguarding the rights and interests of consumers within the fashion industry from potential threats akin to Audrey II.
Shopping Addiction Designed by Manipulation of User Data
Big Brother is watching us.
Ultra-fast fashion relies heavily on e-commerce and on data analytics to understand fashion trends, purchasing habits, and market trends. Strategies employed like SEO, social media, and targeted ads require data to attract customers and boost sales. This data-driven approach helps companies optimize products, pricing, and marketing. Consequently, e-commerce platforms like Temu can be addictive in ways similar to tech companies because they, too, often utilize strategies to keep users engaged and encourage repeated visits and purchases. For instance, both Temu and Instagram use algorithms to analyze user actions and suggest relevant content or products, while also sending notifications to encourage repeated visits and purchases.
Ultra-Fast Fashion Business Model and Global Expansion of Temu
China is rapidly becoming the market of the world.
PDD Holdings, owner of Pinduoduo and founder of Chinese e-commerce site Temu,[ii] may not have the same evil plan as Audrey II – world conquest – but we are witnessing Temu’s aggressive global expansion. Since its launch in September 2022[iii], Temu has expanded into 67 countries[iv], signifying its ambition to become a leading player in the global e-commerce market within a short span.
In the United States, for instance, Temu has quickly become a favorite among consumers for ultra-fast fashion, consistently topping app store charts and offering lower prices than its fast-fashion competitor Shein.[v] Last year, the Temu app became the most downloaded e-commerce application in the U.S. on both iOS and Android platforms, with total downloads surpassing 122 million.[vi] It even overtook TikTok as the most downloaded app in the U.S. App Store, with global downloads increasing to 31.77 million from just 450 thousand in September 2022.[vii]
Temu App: Designed to Hack and Be Hacked?
1. Improper Access to Consumer Data
With great power comes great data.
Temu’s rapid rise in the U.S. market, surpassing major global apps in user numbers, has raised concerns about its privacy practices, echoing Pinduoduo’s past malware issues.[viii] Cybersecurity experts classify the Pinduoduo app as malware, as it bypassed phone security measures to monitor activity on other apps, check notifications, read private messages, and alter settings.[ix] Moreover, most of the engineers who developed these data-collecting exploits without user consent work for Temu.[x]
Currently, Temu is facing class action lawsuits in New York and Illinois over data privacy. Plaintiffs allege that Temu embeds spyware and malware to collect sensitive information.
The New York lawsuit claims Temu’s app uses “self-compiling software” to bypass malware detection and steal private data, as warned by the Better Business Bureau.[xi] Temu extensively collects personal information, including names, phone numbers, addresses, birthdates, social media photos, and social security numbers, as well as automatically collects data from users’ phones, tablets, or laptops, such as operating system details, browsing history, and location data.[xii]
The Illinois lawsuit asserts that Temu’s app exceeds authorized data access, with experts stating that the app grants Temu access to “literally everything on your phone”[xiii] and labeling it “the most dangerous malware/spyware package currently in widespread circulation.”[xiv]
2. Unauthorized Secondary Use of Personal Information
Data is as valuable as money.
Plaintiffs also allege that Temu’s cost-cutting compromised security, making personal information vulnerable to hackers.[xv] If true, Temu is not only a dangerous spyware tool but also overcharges consumers by denying them the privacy protections they paid for.[xvi]
We expect online vendors to follow industry-standard measures to protect our PIII as part of the services we purchase. Identity theft involves using personal information without authorization to commit fraud.[xvii] Thieves can open new accounts, receive benefits, and incur charges in the victim’s name, harming credit ratings and requiring significant time and effort to resolve.[xviii]
Today, personal information is a valuable commodity. Companies monetize user data by selling it to advertisers, marketers, and data brokers. These entities have great incentives to pay significant amounts for access to user profiles, preferences, behavior patterns, and other valuable insights. Some now offer consumers the option to sell their information, giving individuals more control over their data and its recipients. [xix]
Broader Implications of Chinese Technology’s Expanding Global Role
Many a little makes a mickle.
In a recent report from the U.S.-China Economic and Security Review Commission, Policy Analyst Nicholas Kaufman highlights the challenges presented by Chinese “fast-fashion” platforms such as Shein and Temu. These platforms, along with other emerging Chinese e-commerce companies like Cider, Urbanic, ChicV, Doublefs, Cupshe, and JollyChic, are aiming to enter the U.S. market by emulating the strategies of Shein and Temu.[xx] Given the rapid growth of Shein and other Chinese e-commerce firms in the U.S., he warns the U.S. government to ensure that these companies comply with U.S. laws and regulations and do not gain unfair advantages over American firms.[xxi]
Indeed, China is expanding its presence in global markets, gradually gaining significant influence and economic power. Each small advancement in market share, consumer base, and brand recognition contributes to a larger, more influential presence on the world stage. This incremental approach allows China to effectively utilize its soft power, demonstrating its ability to shape global markets and consumer behavior through consistent, small-scale efforts that collectively have a substantial impact.
Therefore, security officials have valid reasons to be concerned about the rapid rise of Temu in the West, prompting countries to reconsider their reliance on Chinese technology. Since technology has become a central tool for exerting influence, allowing data to be accessed by an authoritarian government with conflicting national security and economic interests may have long-term detrimental consequences.
Conclusion
The impact of Temu may not be as dire as Audrey II’s world domination. Nevertheless, mobile apps are integral to modern life, and online retailers like Temu possess the capability and the data to entice us and shape our addictive shopping behaviors. Yet, more significantly, they can wield control over our PII, manipulate our choices, invade our privacy, and compromise our security. In essence, the unchecked collection and misuse of PII by companies like Temu could result in a society where privacy is obsolete, and personal autonomy is undermined.
However, Temu is not the only “Audrey II” out there. Similar entities exist globally in various digital guises. What they share in common is the presence of their apps on our smartphones, eagerly awaiting installation and feeding on our data.
So, what’s your Audrey II? That digital stalker who knows too much about you.
Many vital things in life elude the naked eye: the air we breathe, the love we share, the beliefs that guide our actions, the lost soul longing to be saved.
And your data, adrift somewhere, in that little shop of horrors.
References:
[i] Martin A. Nemzow, Requiring Personal PII Ownership, Fed. Trade Comm’n, (July, 1, 2010), https://www.ftc.gov/sites/default/files/documents/public_comments/preliminary-ftc-staff-report-protecting-consumer-privacy-era-rapid-change-proposed-framework/00191-57181.pdf.
[ii] Compl. ¶ 29-30, Hu v. Whaleco, No. 1:23-cv-06962 (E.D.N.Y. Sept. 20, 2023).
[iii] BETTER BUS. BUREAU, https://www.bbb.org/us/ma/boston/profile/online-shopping/temucom-0021-553943 (last visited May 25, 2024).
[iv] Region Setting, TEMU, https://www.temu.com/bgp_region_setting.html (last visited May 25, 2024).
[v] Hu v. Whaleco, ¶ 21.
[vi] Explore Top Temu Statistics (2024), ANALYZIFY, https://analyzify.com/hub/temu-statistics (last updated Apr. 17, 2024).
[vii] Id.
[viii] Hu v. Whaleco, ¶ 31.
[ix] Id. at 33.
[x] Id. at 34.
[xi] Id. at 37, 53.
[xii] Id. at 53.
[xiii] Id. at ¶ 5.
[xiv] Id. at ¶ 7.
[xv] Hu v. Whaleco, ¶ 3, 5.
[xvi] Id. at 73.
[xvii] U.S. Gen. Accountability Office, GAO-07-737, Data Breaches Are Frequent, But Evidence Of Resulting Identity Theft Is Limited; However, The Full Extent Is Unknown, U.S. Gov. Accountability Office, http://www.gao.gov/new.items/d07737.pdf (June 2007).
[xviii] Id.; Hu v. Whaleco, ¶ 62, 74.
[xix] Hu v. Whaleco, ¶ 69.
[xx] Nicholas Kaufman, Shein, Temu, and Chinese E-Commerce: Data Risks, Sourcing Violations, and Trade Loopholes, U.S.-China Econ. & Sec. Review Comm’n, (Apr. 14, 2023), https://www.uscc.gov/sites/default/files/2023-04/Issue_Brief-Shein_Temu_and_Chinese_E-Commerce.pdf.
[xxi] Id.
Note: The views expressed above are of the Author.