Quebec lawyer plans biometric data privacy lawsuit against ecommerce app Temu

Concerns have been raised by Montreal lawyer Andrea Grass regarding the privacy and security practices of Temu. Grass has alleged that the Chinese company has been collecting biometric information from their customers without proper authorization. This includes facial recognition patterns, fingerprint data, and voice recognition details.

Maude Samson, a senior consultant at National Public Relations, states that the complaint against Temu is based on a report by short-seller Grizzly Research. However, Samson has also noted that the report is speculative and suggests that the allegations may not have a solid factual basis.

During an interview with CTV News, Andrea Grass emphasizes on the complex corporate structure of the involved entities. The defendant, WhaleCo, operates in both Boston, U.S. and British Columbia, Canada, and is a subsidiary of PDD Holdings Inc. – a Chinese company with a significant corporate presence in Ireland.

The global reach of these organizations adds to the complexity of the matter, as varying legal systems, data protection regulations, and corporate laws are in place across different jurisdictions.

“Earning and keeping the trust of our users is our top priority, so we hold ourselves to the highest privacy and security standards,” Temu told CTV News.

The Quebec class action seeks to represent all residents of Quebec who have used the Temu application, either by downloading it directly or through electronic communications.

In addition to collecting biometric information, Grass claims that Temu has been gathering geospatial data to track a user’s location history, which is not relevant to online shopping.

“When it comes to the actual collection and use of data, we follow the principle of minimality, meaning we only collect and use data necessary for specific, justified scenarios,” replied Temu in a statement shared with the news outlet.

During the interview, Grass suggested that the Temu system may seek permissions for certain data; however, it does not explicitly request consent for the collection of sensitive biometric data. In such instances, companies are expected to maintain transparency regarding their data collection practices.

“We are committed to collaborating with various stakeholders to identify and address vulnerabilities, increasing the transparency of security testing, and ensuring the safety of our businesses and customers,” Temu continues.

Temu demonstrates its privacy and security standards through its partnership with HackerOne. This collaboration provides a bug bounty program, incentivizing ethical hackers to identify and report potential security vulnerabilities in Temu’s systems.

To further improve security, Temu implemented two-factor authentication in November 2023.

“At Temu, safeguarding privacy and maintaining transparency in our data practices are core values,” the company says.

Article Topics

biometric identifiers  |  biometrics  |  China  |  data privacy  |  lawsuits  |  Quebec  |  Temu