Data for dollars: Beware of cash-incentive deals

Temu, a Chinese e-commerce platform with global popularity, recently offered cash incentives for new user registrations, sparking both interest and skepticism. The offer seemed straightforward enough: sign up for an account, refer someone, and both people receive cash. But, as with anything that appears too easy, there’s a catch—the exchange of personal information.

More specifically, the terms of the program stated that all manner of user data, including pictures and names, could be used and sold by Temu for ad targeting. In response, cybersecurity experts started waving caution flags, pointing out the potential risks tied to privacy and security that come with this type of data sharing.

“Personal data has transformed into a type of currency,” says Lauren Hendry Parsons, Privacy Advocate at ExpressVPN. “But as the demand for this data grows, so does the risk of misuse, identity theft, and the unnerving potential for deepfakes. Given the recent surge in cyberattacks, it’s become more important than ever to take a second look at these seemingly innocent deals.”

Join us as we peel back the layers on deals like Temu’s, looking at the wider implications for data privacy and what it means for you.

What’s the deal with Temu and its cash offer?

If you live in the U.S. or Europe, you’ve likely seen Temu popping up on your social feed or heard a friend mention it. Here’s what it is and what’s going on with the cash offer everyone’s talking about.

What is Temu?

Temu is a relatively new kid on the block in the online shopping world. Think of it as an “Amazon on steroids,” as some retail experts have called it. Launched in the U.S. in 2022 and hitting the UK a year later, it’s been making waves for selling just about everything under the sun at insanely low prices. Their slogan? “Shop like a billionaire.” 

The platform is designed to appeal to pretty much anyone looking for a deal. Whether you’re outfitting your wardrobe, decking out your living space, or grabbing the latest gadgets, Temu’s prices are hard to ignore. 

What’s Temu’s cash offer about?

In mid-March 2024, Temu decided to stir up the market by introducing a cash giveaway for new sign-ups in England and later in France. The deal? Sign up, spread the word, and both you and whoever joins through your link can pocket 40 to 50 GBP (51 to 63 USD)—or 50 Euro (54 USD) in France—which lands straight into your PayPal account. Or, if you prefer, you can opt for Temu store credit instead.

Sounds simple enough, but as the buzz grew, so did the scrutiny. Initially, the small print seemed to ask participants to agree to broad terms—like permission to use their photos, names, voices, and a whole lot more, potentially forever and everywhere. That got people talking (and tweeting), and not all of it was good.

Facing backlash and undergoing an investigation by the Information Commissioner’s Office (ICO), a data watchdog, Temu decided to dial things back. They modified the terms to focus more on usernames and profile pics for the sake of referrals and winner announcements, saying the original wording was a bit too all-encompassing.

However, despite efforts to smooth things over, the damage had already been done for Temu. The revised terms didn’t quell concerns. Realizing the ongoing fears around how much personal data was being scooped up—under terms that felt too invasive to many—the company chose to completely withdraw its cash offer in both regions.

The real price of cash-incentive deals

It’s a tale as old as time, or at least as old as online shopping: brands dangling the carrot of easy money or irresistible deals to draw us in. The promise of quick cash or a bargain is hard to resist. But there’s often more than meets the eye, especially when it comes to the fine print we so readily skip over. Temu’s recent cash offer saga serves as a stark reminder of why it’s crucial to pause and scrutinize the details before diving in.

“The excitement of a quick payout can easily overshadow the reality of what you’re signing up for,” says Hendry Parsons. “In the case of Temu, the initial terms essentially enlisted users into a lifetime of data sharing, without the explicit, ongoing consent that’s become a cornerstone of digital privacy. Photos, names, and voices were all fair game, creating a reservoir of personal data that Temu could dip into for advertising or even sell to third parties.”

Data is the currency of our time, with digital companies leveraging this information to tailor ads to the user. But the catch is that this data doesn’t always stay within the confines of the original transaction. Selling it to third-party providers is common practice, and here’s where the risks skyrocket. These third parties aren’t always under the same scrutiny or obligations to protect your data, leaving it vulnerable to misuse.

While email addresses are one thing, Temu was delving into far more personal territory. Pictures and voice data are more than just unique identifiers—they’re pieces of you. In the wrong hands, this information could fuel the burgeoning industry of deepfakes, contribute to identity theft, and lead to a host of other digital crimes that are becoming increasingly sophisticated and difficult to counter.

“Temu’s backpedaling on their offer, driven by public and regulatory pushback, highlights a growing awareness and concern over digital privacy rights,” adds Hendry Parsons. “It underscores the need for critical engagement with the terms of any deal, especially those that seem too good to be true. The allure of a quick buck shouldn’t blind us to the value of our personal data and the potential consequences of its misuse.

“It’s started a valuable conversation about protecting and valuing your personal data—and what price you are prepared to put on your digital self.”

“However, the upside of this issue is that it’s brought public attention to a major issue facing data privacy. It’s started a valuable conversation about protecting and valuing your personal data—and what price you are prepared to put on your digital self.”

The broader implications 

Temu’s entrance with its cash-for-sign-ups promotion might remind you of another story that’s been unfolding online: TikTok’s scrutiny by U.S. legislators. The concerns over TikTok, owned by ByteDance, have revolved around fears of user data potentially being accessed by the Chinese government, due to laws requiring companies to cooperate with the state. This backdrop of apprehension offers a parallel to Temu.

Temu’s cash incentive deal raised eyebrows, not just for the volume of data collected but for the potential destinations of this data. Temu is a subsidiary of PDD Holdings, which owns Pinduoduo, a popular shopping app that’s come under fire for spying capabilities. This echoes the TikTok situation, bringing a heightened level of scrutiny of how deep data collection can go and to what ends the information could be used—or misused.

E-commerce and your data: How to shop safely

“The Temu incident is a wake-up call, emphasizing the importance of understanding the terms of digital offers,” says Hendry Parsons. “It’s a potent reminder that while the internet offers unprecedented connectivity, we need to arm ourselves with knowledge and practices that protect our data.”

Here are practical steps to ensure you stay ahead of the e-commerce game without compromising your digital safety:

1. Read before you click

Before agreeing to any online offer, take the time to thoroughly read the terms and conditions. Yes, it might be tedious, but understanding what you’re signing up for can save you from unintended consequences. Pay special attention to clauses about data sharing and storage.

2. Understand data usage

Seek clarity on how your data will be used. If a platform plans to share your information with third parties, consider the implications. Platforms should clearly state whether your data could be sold and how you can opt out if you disagree with their policies.

3. Maintain digital hygiene

Regularly review the permissions and data you’ve shared with platforms. Utilize privacy settings to control the amount of information you’re comfortable with sharing. Remember, less is more when it comes to sharing personal details online.

4. Use secure connections

Whenever possible, ensure your online activities are conducted over secure connections. Tools like a high-quality VPN from ExpressVPN can provide an added layer of security, especially when accessing the internet from public Wi-Fi networks.

5. Stay informed

Stay informed about the latest threats in digital privacy and security. Following reputable sources and experts in the field can provide insights and tips for safer online engagements.

6. Leverage data protection rights

Familiarize yourself with your data protection rights under laws like GDPR in the EU or CCPA in California. These regulations offer tools and avenues to control and protect your personal information, including the right to access, correct, and delete your data.

7. Question the freebies

Always question the motive behind free offers. If an offer seems too good to be true, it probably is. Consider what companies gain from giving away products or money–in many cases, it’s access to your data.

8. Opt for transparency

Support platforms that prioritize transparency and user control over data. Companies that clearly communicate their data practices and provide straightforward options for data management are more likely to respect user privacy.