Concerns have been raised over a Chinese shopping app offering a £50 cash reward in return for new sign-ups whereby customers agree to hand over their personal details for life.
Temu, an online marketplace which sells cheap goods to customers from wholesalers in China, is claiming to give individuals “free cash” as long as they download the app, register and then send out an invitation code to others.
The offer has gone viral on social media, with thousands of people taking to social media to share Temu codes in the hope of others signing up so they can receive the £50 reward.
However, the terms and conditions of the giveaway state users agree to hand over a large amount of personal information, giving Temu permission to use their “photo, name likeness, voice, opinions, statements, biographical information, and/or hometown and state” worldwide, “in perpetuity without further review, notification, payment or consideration”.
The data is processed in accordance with the company’s privacy policy, which says information can be shared or “sold”. However, it adds that users can opt out.
Concerns have been raised among consumer and data protection experts over the levels of sensitive data being collected.
“Giving away permission for Temu to use your ‘voice’ and ‘biographical information’ will understandably concern its customers,” said Lisa Webb, a consumer law expert for Which?.
“These offers are going viral on social media, including to young people, but consumers should definitely consider whether they are comfortable giving this sensitive data away in return for cash.
“While Temu isn’t the first platform to excessively hoover up data, there are definite question marks over whether requesting permission for personal data to be used ‘worldwide’ is proportionate in any circumstances.”
Jonathan Kirsop, a data protection partner at Pinsent Masons law firm, said the collection of personal data in this way “could be problematic on the basis that it seeks to rely on consent which may not be deemed to be ‘freely given’ in light of the incentives to do so”, and could cause them to be subject to an investigation by data protection regulators.
It comes after the US and UK governments exposed a global Chinese hacking plot that targeted White House staff and the State Department as well as British MPs and the Electoral Commission.
Washington and London this week announced sanctions on two individuals and one company linked to APT31, a China state-affiliated group, in response to cyber attacks that “endangered national security”.
The Henry Jackson Society told The Telegraph the national security risks of potential data transfers to third parties are “extremely worrying”.
“Temu’s offer terms would seem to confirm the idea that there is no such thing as a free lunch,” a spokesperson for the national security think tank said.
“British consumers will be giving control of vast swathes of their personal data to a foreign company who might well be intending to monetise that information at the very best, or use it to map opinions and viewpoints or utilise their likeness and voice at the very worst, judging by the terms suggested.
“Given that the Chinese state can also enforce legal backdoors into private companies – regardless of the intentions of those companies – the national security risks of potential data transfers are extremely worrying.”
A spokesperson for Temu said: “The use of giveaways is common to companies across numerous industries, including competitors like Shein, whose current promotions include nearly identical terms and conditions.
“Temu gathers user information solely for the purpose of delivering our service and to enhance customer experience. We do not sell user information.”