User-Data leaked from Truecaller : High Court issues notice to Centre

According to the Bombay High Court, as part of a public interest litigation (PIL), the Truecaller mobile app ‘shared’ user data, contrary to Indian legal guidelines.  Shashank Posture filed a PIL with Chief Justice Dipankar Datta and Justice G S Kulkarni. Truecaller collects data about all its users, shares this data with some of its partners without the users’ consent, and dumps the liability on them. This is a manipulative setup, because the user has no choice. The app registers users for a Unified Payments Interface service without their consent, or without due process,’ Posture said.

Truecaller is a privacy-focused service based on trust. ‘We are compliant with data privacy laws and will comply with any other data protection laws in any country. Truecaller also practices ‘data minimization’ – taking only the data necessary for its service to function, and nothing else,’ a Truecaller spokesperson told.

‘We would like to assure all Truecaller users that their data is safe. Truecaller does not sell or share user information. Our users and their data are extremely important to us, so we want to assure them that their data will be handled securely and according to our Privacy Policy,’ the spokesperson stated.

Posture informed the court that Google India, Bharati Airtel and ICICI Bank were among the partners who benefited from Truecaller and that several loan companies also benefitted from these breaches from the app. Posture also said that he had impleaded the Union government, the Maharashtra government, the state IT department, Truecaller international LLP, ICICI Bank and the National Payment Corporation as respondent parties in the case.

Read more: Taliban forces pound Kunduz, as Afghan forces attack

Posture alleges that the government approved the Truecaller app ‘without proper checks and in violation of the information security practices rules’. The High Court said that this was a good case for issuing notices. According to the court, ‘The petitioner contends that Truecaller’s mobile application has been violating citizens’ data privacy to the point that it is in violation of data protection laws,’ according to the court. ‘Having heard the petitioner for some time, we are of the opinion that a notice should be sent to the respondent parties’, the court said, directing them to reply within three weeks.