Truecaller could be investigated in South Africa for possible breach of user data
WHEN
A complaint that Truecaller is violating “multiple sections” of the Protection of Personal Information Act (Popia) has been received by the Information Regulator of South Africa. According to reports, the caller ID and spam-blocking app might face regulatory restrictions on its activities over the report.
While affirming the receipt of the complaint, Information Regulator spokeswoman Nomzamo Zondi said that the complaint is under process and that they will follow the necessary steps.
“We are still within the timeframe to process the complaint and allocate it to an investigator, who will then engage further with the complainant and the responsible party against whom the complaint was lodged. Therefore, we are unable to respond to the other questions at this time,” Zondi said.
While Truecaller has yet to make any statement on the matter, the regulatory agency did not name the complainant.
Explainer – Truecaller’s activities
Truecaller is a Swedish company founded in 2009 in Stockholm by Nami Zarringhalam and Alan Mamedi. The app began when the co-founders were just students who wanted to create a service that would easily identify incoming calls from unknown numbers.
The activities of Truecaller embody the use of user-supplied data to identify callers and block spam calls and messages. Following the downloading of the app, users give their name and phone number to the platform upon registration. This then allows other Truecaller users to identify them on incoming calls.
Since users have accented to the usage of their data in this form, Truecaller’s actions do not violate any data privacy.
Meanwhile, the caller ID and spam blocking app may face regulatory issues in the sense that when users consent to the app downloading their phone’s address book, this automatically makes it a part of the company’s database.
It translates that mobile users who are not on Truecaller can have their personal information on the app because a third party – a user – affirmed the uploading of their name and phone number.
Regulators may require Truecaller to notify each person added to its database via a third party.
Again, if the allegations of the app’s Popia violations hold any weight, the Information Regulator may be put into a dilemma; it will either be faced with upholding data privacy laws on one hand or flagging off the complaint to empower users to fight spam calls through the app usage.
The Caller ID and spam blocking app with about 425 million users around the world has proven to be one of the most effective spam detection and rejection methods available to users to fight the influx of unidentified calls.
Truecaller data privacy breach – a timeline
In 2019, the Nigerian National Information Technology Agency (NITDA) accused Truecaller of an alleged breach of privacy rights of Nigerian users. The agency said that the app privacy policy is not in compliance with global laws on data protection and the Nigeria Data Protection Regulation (NDPR) in particular.
NITDA argued that the app collects far more information than it needs to provide its primary service. It noted that it is global best practice for users to be informed of the possible third-party processors’ information that may be shared and for what purpose, insisting that this Policy flaunts this rule which is also enunciated in the NDPR.
In August 2022, Cyble – an online intelligence firm, reported that true caller data of millions of Indians has been put on sale on the dark web for $4.4 million. This was related to a report in May 2019 of the same data breach. However, the company refuted the claim, explaining that there has been no data breach on its platform.
Another report in 2022 by corporate watchdog Viceroy Research accused Truecaller of being a spyware app that would eventually be made redundant by legislation such as Europe’s General Data Protection Regulation (GDPR). The investigative financial group accused the app of deliberately moving its servers from Europe to India prior to the implementation of GDPR.
“GDPR threatened Truecaller’s spyware features, which feed the spam detection service. In response, Truecaller moved all its data servers and substantially all of its operations to India where management appears to believe it is safe from legislation designed to protect the privacy of its customers. This is not the case,” Viceroy Research said in its report.
Also Read: NITDA warns Nigerian users of cyber threat linked to Spotify.
