Nigeria has launched an investigation into Truecaller’s potential breach of privacy rights under the Nigeria Data Protection Regulation, announced the country’s National Information Technology Agency (NITDA). The agency accused it of over-collection of user data and sharing it with third-party advertisers without users’ consent. In a public statement, it warned people of Truecaller’s violation of privacy rights, and urged users to delist from the app.

The regulator – a federal government agency, established in 2001 –  also said that “every Nigerian user is contracting with Truecaller India”. We have reached out to Truecaller for clarification.

NITDA didn’t find Truecaller’s privacy policy and terms and conditions in compliance with global data protection laws including Nigeria’s. The country’s Chief Information Technology Officer, Kashifu Abdullahi Inuwa, said that Truecaller’s privacy policy has several “illegitimate provisions”. He added that the implications of these provisions may be “far-reaching” and put many Nigerians in “unsavoury conditions”.

NITDA said that Truecaller users are susceptible to a “serious invasion of their privacy”; because the app’s privacy policy says that it “supplements” users information by using information from third party apps, NITDA said this has encouraged people to continue using Nigerian identities to perpetuate fraud.

The regulator also said that Truecaller collects more data than it is actually required for the app to function.  NITDA also questioned Truecaller sharing users’ personal information with third-party advertisers, and said that the app should inform users about the third-parties with which it shares their data along with a reason for doing so.

A Truecaller spokesperson told MediaNama that the company is currently reviewing the comments made by NITDA:

“We would like to assure our users in Nigeria and globally that users’ privacy is of utmost importance to Truecaller. We are in the process of reviewing the comments made by NITDA and will give more information on it very soon.” – Truecaller

Truecaller’s ‘bug’ affected several users in India

This is not the first time that Truecaller has been called into question over users’ privacy. In July 2019, Truecaller automatically started the registration process for creating an UPI ID for multiple users, although Truecaller called it a “bug” and said it affected only a small fraction of its users in India. However, this led to the National Payments Corporation of India (NPCI) from stopping on boarding of new users on Truecaller’s UPI Platform.