wordpress blog stats
Connect with us

Hi, what are you looking for?

Bombay High Court issues notice to Union govt, NPCI over ‘data privacy breach’ by Truecaller, app denies allegations

truecaller screen
truecaller

Some of the allegations leveled against Truecaller include the collection of IP addresses, device IDs, and automatically signing up users for the app’s now-defunct UPI payment services. 

The Bombay High Court has issued a notice to the Union government and the National Payment Corporation of India (NCPI) seeking their response to public interest litigation (PIL) alleging that Truecaller, a caller ID verifier app, was “sharing” user data, thus breaching data privacy of users. However, a Truecaller spokesperson, while responding to queries made by MediaNama, denied the allegations and maintained that it is ‘compliant with data privacy laws and stand ready to comply with other data protection laws anywhere in the world’.

In his notice, dated July 7, a copy of which MediaNama has seen, Chief Justice Dipankar Dutta and Justice Girish Kulkarni said, “Having heard the petitioner in person for some time, we are of the opinion that notice on this petition is required to be issued to the respondents. Accordingly, we issue notice to the respondents returnable after three weeks.” The matter is set to be heard next on July 29.

The petitioner, Shashank Posture, in his PIL alleged that Truecaller International LLP, which operates the Truecaller app has breached the data privacy of cell phone users. Posture has submitted that such activities are illegal and contrary to the position in law on privacy of the cell phone users.

The bench noted, “In addition to Court notice, the petitioners are permitted to serve the respondents by a private notice and place on record affidavit of service. In case the respondents are served before the returnable date, the respondents are at liberty to file their reply affidavits.”

Advertisement. Scroll to continue reading.

What does the petition say?

In his petition, law student Posture claimed that there was a need to protect millions of citizens from Truecaller as they were allegedly collecting data unlawfully. These are the salient submissions they made in their PIL —

  • Collection of call data by Truecaller will cause a negative impact on national security and amounts to a breach of privacy
  • Exemption clauses in Truecaller’s privacy policy leave no choice for users except to adhere to terms of service
  • Data collected by the app can be used for marketing and advertising
  • App allegedly collects data from users even after an account is deactivated
  • Truecaller purportedly created UPI IDs for users without bank accounts in ICICI Bank
  • Truecaller allegedly collects sensitive information including geo-location, IP address, device ID, as well as browsing history, etc.
  • Truecaller was automatically registering their users on UPI without consent and thus financial details of citizens like bank account details, or credit/debit card details were being breached by Truecaller.

Grievance against NPCI: Posture, in his PIL, said that the National Payments Corporation of India allegedly failed to do its duty of monitoring Truecaller’s activities with regards to ICICI Bank. The National Payments Corporation of India is an umbrella organisation for operating retail payments and settlement systems under the ownership of the Reserve Bank of India in India.

What is the relief sought by the petitioners?

The PIL urged the court to —

  • Declare that Truecaller’s terms and services and privacy policy was against the public
  • Direct Truecaller to delete all personal data of Indian citizens obtained without valid consent
  • Direct Union government to conduct an enquiry into the activities of ICICI Bank and Truecaller

Not sharing data with anyone, stopped UPI in 2019: Truecaller

“Pursuant to a strategic business decision last year, Truecaller discontinued offering Unified Payments Interface (UPI) payment services and has not signed up any new users on UPI since August 2019,” a Truecaller spokesperson told MediaNama in a statement. The spokesperson said that it has not received any formal communication regarding the PIL so far, and would be able to comment more on the matter when they do.

“We are compliant with data privacy laws and stand ready to comply with other data protection laws anywhere in the world. In addition, Truecaller practices ‘data minimisation’ – taking only the data required for our service to work, and nothing else.

Truecaller does not sell or share user data. We deeply care about our users and their data, and would like to assure them that we securely handle their data and process it as per our Privacy Policy.” – the Truecaller statement said.

Claims of Truecaller data breach made in 2020: The personal data of 47.5 million Indians — including their phone number, service provider, name, gender, city, email, and Facebook ID, among other things — claimed to be sourced from caller ID app Truecaller is available for sale on the dark web for $1,000 (₹75,000), cybersecurity firm Cyble had said in 2020.

However, Truecaller, in a statement to MediaNama, had denied any breach of its database. A Truecaller spokesperson said: “ We were informed about a similar sale of data in May 2019. What they have here is likely the same dataset as before. It’s easy for bad actors to compile multiple phone number databases and put a Truecaller stamp on it. By doing that, it lends some credibility to the data and makes it easier for them to sell. We urge the public and users not to fall prey to such bad actors whose primary motive is to swindle the people of their money.”

Also read

Advertisement. Scroll to continue reading.

Written By

Among other subjects, I cover the increasing usage of emerging technologies, especially for surveillance in India

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

News

By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

News

By Stella Joseph, Prakhil Mishra, and Yash Desai The Government of India circulated proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules”) which...

You May Also Like

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ