The popular caller ID and spam-blocking app, Truecaller, is facing serious allegations of violating South Africa’s Protection of Personal Information Act (Popia). A formal complaint lodged with the Information Regulator of South Africa has put the app’s operations under scrutiny. Depending on the outcome, Truecaller could face regulatory restrictions that might alter its services in the region.
The Complaint and Regulatory Response
While the identity of the complainant remains undisclosed, the Information Regulator has acknowledged receiving the complaint. Spokeswoman Nomzamo Zondi confirmed that the matter is being processed and has been assigned to an investigator who will engage with the complainant and Truecaller.
“We are still within the timeframe to process the complaint… Therefore, we are unable to respond to other questions at this time,” Zondi stated.
Truecaller has not yet issued a public statement regarding the allegations.
Understanding Truecaller’s Operations
Founded in 2009 in Stockholm, Sweden, by Nami Zarringhalam and Alan Mamedi, Truecaller was designed to help users identify unknown callers and block spam calls. Its operations depend heavily on user-supplied data.
When users download the app, they register by providing their name and phone number, allowing other Truecaller users to identify them during incoming calls. However, the app also uploads the user’s contact list (address book) to its database, enabling it to identify numbers not directly registered on the platform.
This practice raises significant privacy concerns. Non-users—individuals who have never interacted with the app—may find their personal information on Truecaller’s database without consent. Regulators may require Truecaller to notify these individuals of their inclusion in the database, a step the company currently does not take.
The Core Privacy Debate
Truecaller’s justification rests on user consent: individuals agree to the app’s terms when registering. However, the inclusion of third-party contacts without explicit consent introduces a potential violation of privacy laws like Popia.
Regulatory agencies might need to balance two opposing priorities:
- Upholding privacy laws to protect non-users.
- Allowing Truecaller to continue its spam-blocking and caller-identification functions, which benefit millions.
A Global History of Data Privacy Controversies
Truecaller is no stranger to privacy disputes. Below is a timeline of notable controversies:
1. Nigeria (2019)
The Nigerian National Information Technology Development Agency (NITDA) accused Truecaller of breaching the Nigeria Data Protection Regulation (NDPR). The agency argued that the app collects excessive user data, violating global privacy standards. NITDA demanded greater transparency in how data is shared with third-party processors.
2. India (2019 & 2022)
- May 2019: Reports emerged that data from Truecaller’s database was available for sale on the dark web.
- August 2022: Cyber intelligence firm Cyble reiterated this claim, stating that millions of Indian users’ data was being sold for $4.4 million. Truecaller denied the allegations, asserting that its systems were secure.
SEE ALSO: Meta and Spotify Tease New Feature to Seamlessly Share Your Music on Instagram
3. Europe (2022)
Corporate watchdog Viceroy Research accused Truecaller of evading the General Data Protection Regulation (GDPR) by moving its servers and operations from Europe to India before GDPR took effect. The report labeled Truecaller a “spyware app,” claiming its features violate users’ privacy to feed its spam detection services.
The Implications for South Africa
The current complaint highlights how Truecaller’s global practices intersect with South Africa’s stringent data privacy laws under Popia. Key issues at stake include:
- Consent: Truecaller’s reliance on user consent to upload third-party contact lists may not align with Popia’s requirements for explicit, informed consent from all affected individuals.
- Transparency: Regulators may require Truecaller to notify non-users whose data is uploaded via third-party address books.
- Enforcement: If Truecaller is found to have violated Popia, the Information Regulator could impose fines or even restrict the app’s operations in South Africa.
Balancing Privacy and Utility
Truecaller’s 425 million global users rely on the app to block spam and identify unknown callers. In South Africa, where spam calls and scams are prevalent, Truecaller provides a valuable service. However, its privacy practices must align with local laws to maintain user trust and avoid regulatory backlash.
This case could set a precedent for how global apps operate in jurisdictions with robust privacy regulations. If Truecaller adapts its practices to comply with Popia, other companies might follow suit, improving privacy standards across the board.
The Road Ahead
Truecaller’s next steps will be critical. The company’s response to the Information Regulator’s investigation—and its willingness to address privacy concerns—will determine its future in South Africa.
For now, the app remains under scrutiny, with regulators, privacy advocates, and users watching closely. The outcome of this case could reshape the relationship between global tech platforms and regional privacy laws, ensuring that user data is handled with greater care and transparency.