Temu & Shein

The Big Brother Award 2024 in the category “Consumer Protection” goes to

the e-commerce platforms Temu and Shein

and their EU headquarters in Ireland. With this Big Brother Award 2024, we are honouring the fact that both providers limit or exclude users’ and customers’ rights by their Privacy Policies and Terms and Conditions.

Cheap Offers

The platforms Temu and Shein – which are registered in Ireland and have Chinese owners – offer a wide range of goods from mostly Chinese manufacturers. You can find products from all areas ranging from “A” for apron to “Z” for ziplock. The offers are affordable, not to say: “cheap”. For example, wireless over-ear headphones are offered by Shein for just €10.63, while an electric toothbrush with four brush heads (the packaging of which resembles that of a widely available brand product) is reduced from €12.76 to only €7.65.

As part of a “Jubilee Party”, there were recently five men’s underwear sets available for just €8.73. Temu presented this amazing deal with the “last four sexy leopard briefs” for men for only €14.85 against it. Temu’s motto is actually: “Shop like a billionaire”.

It’s not easy to find out about the Chinese manufacturers behind the products. Shein promises in its T&Cs: “The name and contact information of each seller will be displayed in every product specification on the website before the customer confirms their order.” In reality, only company names are typically listed – just like at Temu. Trying to gather more information online about these companies often ends up with “unfinished”, “neglected”, or even “dead” websites.

Dark Patterns

Both platforms lure visitors into making purchases through various “Dark Patterns”. This term refers to the design and layout of websites that manipulate users’ actions. On Shein’s website, discounts, time-limited special offers, or phrases like “only a few remaining” create a constant pressure to buy. This is achieved by creating a sense of urgency and exclusivity, making users feel compelled to make an impulse purchase.

Similarly, at Temu, rotating ads appearing under many products, such as “only 5 left!” or “almost sold out!”, create pressure.

By the way: those who are annoyed by this kind of manipulation can complain to the Federal Network Agency (Bundesnetzagentur) with reference to the Digital Services Act.

Becoming involuntary importers

With a purchase in China, customers become “importers”. Shein explains it this way: “By confirming your purchase, you agree to pay all applicable duties, taxes, shipping costs, and other amounts related to your purchase. Additionally, you acknowledge your responsibility for value-added tax and customs fees.” If the total value of an import exceeds the €150 tax-free threshold, German customs authorities can demand duties from the purchaser. Shein's or Temu's assurances that all prices listed on their website are “gross amounts” do not change this. If a customer in Germany orders textiles worth €300 and receives them in partial shipments of €100 each, they may be subject to a customs charge of around €100.

Some offers on Temu or Shein have a great resemblance to branded products. If you buy them, you risk facing a cease and desist letter from the original product manufacturer instead of receiving the item.¹ Purchasing a counterfeit article for personal use can be considered a legal infringement.² If customs officers discover a “plagiarized” or “counterfeit product”, they are allowed to inform the manufacturers of the originals about the “importer”. “Very cheap” can very quickly become “extremely expensive”.

Data protection

Those who want to know what happens to their data at Temu and Shein must read dozens of densely packed pages with complex formulations. This goes against transparency requirements set by the General Data Protection Regulation (GDPR). The GDPR includes provisions such as the obligation to inform affected individuals about how their data is processed in a transparent, understandable, and easily accessible way, as well as in clear and simple language.

The data protection regulations and the terms and conditions of service of Temu and Shein are of equally poor quality as the offered products. In Shein’s (German) T&Cs, it is stated (translated): “Contract language is Germany” or “Disputes (...) can only be heard by the courts of Germans.”

At Temu, it is stated that only the personal data is processed that “we collect via our digital properties.”

“Digital properties” – what does that even mean? Is that just the digital hallucination of some cheap translation software or the error of a clickworker on low wages?

Changes to Data Protection Policy

Temu and Shein also reserve the right to change their data protection rules at any time unilaterally. Temu explicitly states: “We recommend that you read our privacy policy every time you visit our service to stay up-to-date on our data protection practices.”

Therefore, customers must be vigilant to know what these providers may and may not do. While writing this speech, I noticed that at Shein, a whole paragraph of the data protection regulations was changed within just 48 hours.

Consent declarations

Worst of all is the handling of consent declarations: The first time either online portal is opened, “consent pop-ups” do indeed appear. However, on Shein’s German language homepage at the time of our research, the text for the consent declaration was entirely in Italian, accompanied by answer options such as “Gestione dei cookie”, “Reject all”, or “Accept”.

If you click “Reject all” and think you are rejecting comprehensive data processing, you are mistaken: The T&Cs and data protection guidelines of both companies also allow for nearly unlimited processing of customer data without consent. Shein explicitly states this in its T&Cs: “The fact that you are using this website means that you accept these usage terms without reservation, unless legally prohibited.”

The acknowledgment of the data protection policy is also embedded in Shein’s T&Cs: “The customer confirms that they have read and understood the Data Protection Guidelines of the Marketplace, which explain how personal data of the customer will be collected and processed when using the services on the website.”

If you are still unclear about what Shein can do, you will be “screamed” at in capitals: “THE USE OF THIS WEBSITE ASSUMES THE EXPRESS CONSENT TO THESE GENERAL TERMS AND CONDITIONS. IF YOU DO NOT ACCEPT THEM, YOU MUST CEASE THE USE OF THIS WEBSITE. INVALID, IF FORBIDDEN.”

Temu regulates its permissions in a similar manner in its T&Cs.

With rules like this, both companies could actually remove their “consent pop-ups” entirely. However, this is blatantly deceiving users and customers who have explicitly objected to the processing of their personal data. It is also a violation of data protection regulations.

Do not track

There are also matching positions from both providers on the topic of “Do not track”. At Temu, it is stated simply: “We do not currently respond to ‘Do Not Track’ or similar signals.”

Shein’s Privacy Policy is a bit more detailed: “Some internet browsers such as Internet Explorer, Firefox, and Safari offer the possibility to transmit ‘Do Not Track’ or ‘DNT’ signals. Since there are no unified standards for ‘DNT’ signals, our website does not currently process or respond to ‘DNT’ signals.”

Such statements make it clear that these companies have no regard whatsoever for customer data protection.

Access by Chinese government agencies

In China, data protection regulations like the “Personal Information Protection Law (PIPL)” from 20 August 2021, allow state agencies to make extensive access to personal data held by Chinese-based companies, including data from European countries.

However, in the European General Data Protection Regulation (GDPR), there is no provision that justifies processing of customer data from Germany in China. In fact, such processing would be contrary to the overriding legitimate interests, fundamental rights, and fundamental freedom of European users.

Therefore, Temu and Shein should clearly reject any such transmissions. In reality, the opposite is true: In Temu’s Privacy Policy, for example, under the heading “Compliance and Legal Obligations”, it is explicitly stated that personal data can be used to “ensure compliance with legal and contractual requirements.”

At Shein, it is stated: “We have the right to use your personal data to fulfil our legal obligations (...).”

Those who use such wording open the floodgates to the processing of customer data in China, which violates European law. This includes the use of data by state security agencies.

Given the level of access that Chinese spies therefore have, those who stand in the public view in Germany and fall into political disfavour in China should consider, for example, not purchasing goods like sex toys (that both Shein and Temu also offer cheaply).

Conclusion

The list of regulations in the privacy protection guidelines and terms of service of Shein or Temu could be extended to include many more rules that contradict the GDPR or infringe on customers’ rights. However, this is enough to demonstrate why we should award the Big Brother Award 2024 in the category “Consumer Protection” to Temu and Shein.

Therefore: congratulations on receiving the Big Brother Award 2024!