Florida Attorney General Ashley Moody, joined by 20 other state attorneys general, sent a letter to online retailer Temu and its parent company PDD Holdings demanding answers about data collection, sharing, and retention practices, including potential unauthorized sharing of U.S. consumer data with the Chinese Communist Party. The coalition also raised concerns about possible violations of the Uyghur Forced Labor Prevention Act and inadequate cybersecurity measures. Temu has 30 days to respond to 11 detailed requests for information and documentation.
Temu and PDD Holdings are required to respond to 11 detailed questions about their data practices, supply chain labor practices, and cybersecurity measures within 30 days of the letter, providing documentation of data retention policies, cybersecurity measures, and audit practices.
In-house legal teams should review vendor agreements with online retailers, especially those with international affiliates, to ensure data sharing clauses prohibit unauthorized disclosure of consumer data to foreign governments or entities. Clauses governing biometric, health, and other sensitive data collection must include requirements for clear consumer notice and affirmative consent. Data retention and deletion clauses should align with consumer rights and regulatory standards, and cybersecurity clauses must mandate adequate safeguards and audit rights. For supply chain vendors, agreements should include UFLPA compliance certifications and prohibitions on forced labor, with audit rights for labor practices.
Entity
Temu
Industry
RetailOfficial Press Release
https://www.myfloridalegal.com/newsrelease/ag-moody-demands-answers-about-online-retailer-temus-business-practices-and-chinese
temu request letter final
https://www.myfloridalegal.com/sites/default/files/2024-08/temu-request-letter_final.pdf
Florida Attorney General Enforcement Page
https://www.myfloridalegal.com/privacy
"online retailer Temu"
"possible violations of the Uyghur Forced Labor Prevention Act"
"may not be following federal law or the states’ consumer protection laws"
"gathering U.S. consumer information and passing it along to the CCP"
"the type of data collected from U.S. consumers, including but not limited to data regarding consumer preferences, biometric data, political leanings, health data, race, religion or sex"
"Temu’s or PDD Holdings’ cybersecurity and data retention and storage policies"
Florida Attorney General James Uthmeier opened a civil investigation into Discord and issued a subpoena demanding documents related to its marketing to children, age-verification processes, content moderation, parental controls, and reporting of child exploitative activity. The investigation alleges potential violations of Florida’s Deceptive and Unfair Trade Practices Act, citing the platform’s widespread use by child predators to target minors. Discord must produce records on its child safety practices, minor user data, and complaint handling related to child exploitation.
The Florida Attorney General's Office launched the CHINA Prevention Unit and issued a subpoena to Shein for deceptive trade practices and data privacy violations. The unit focuses on combating threats from foreign adversaries like the Chinese Communist Party to consumer data and economic security. This action is part of broader efforts to audit and hold accountable companies with ties to China.
Florida Attorney General James Uthmeier filed a lawsuit against Roblox, alleging that the company misrepresented the safety of its platform to parents and failed to protect children from accessing adult content and being contacted by predators. The lawsuit seeks injunctive relief and other remedies to ensure child safety on the platform.
Florida Attorney General James Uthmeier issued an investigative subpoena to TP-Link Systems Inc. as part of a consumer protection investigation into the company’s cybersecurity practices, supply-chain infrastructure, and handling of U.S. consumer data, including allegations of unauthorized data sharing with the Chinese Communist Party. The probe will determine if TP-Link misled customers about foreign government access to their personal data, which would violate the Florida Deceptive and Unfair Trade Practices Act, with no findings of wrongdoing yet.
Florida Attorney General James Uthmeier filed a civil enforcement action against Roku, Inc. for violating the Florida Digital Bill of Rights (FDBOR) and Florida Deceptive and Unfair Trade Practices Act (FDUTPA). The complaint alleges Roku collected, sold, and enabled reidentification of children’s sensitive personal data, including viewing habits and voice recordings, without parental consent or meaningful notice to consumers. The state seeks civil penalties, injunctive relief, and requirements for Roku to implement transparent disclosures, lawful parental controls, and cease unauthorized processing of children’s data.
Florida Attorney General James Uthmeier filed complaints against multiple pornography websites for violating Florida's age-verification law by not verifying users' ages, allowing children access to harmful material. The law requires such sites to implement age verification, and violations can result in fines up to $50,000 per violation. The complaints seek injunctions, civil penalties, and compliance with the law.