HC issues notice to Centre, Maha govt over PIL claiming Truecaller breached data privacy norms

The Bombay High Court on Wednesday issued notices to the Union and Maharashtra governments, among others, over a public interest litigation (PIL) claiming that the Truecaller mobile application "shared" user data breaching legal norms of the country. 

A bench of Chief Justice Dipankar Datta and Justice G S Kulkarni was hearing a PIL filed by one Shashank Posture. "The Truecaller app collects data of all users. It shares such data with some of its partners without the consent of users, and dumps the liability on the user," the petitioner told the court. 

Also read: Looking for a smartphone? Check Mobile Finder here. 

"This is a manipulative set up because the user has no choice. The app also registers users for a Unified Payments Interface service without their consent, or without due process," Posture alleged. 

UPDATE: Responding to the matter, Truecaller said that it does not sell or share any user data and that all user data is safe.

“Truecaller is a privacy-focused service, built on trust. We are compliant with data privacy laws and stand ready to comply with other data protection laws anywhere in the world. In addition, Truecaller practices 'data minimisation' - taking only the data required for our service to work, and nothing else,” a Truecaller spokesperson told HT Tech.

“In response, we would like to assure all Truecaller users that their data is safe. Truecaller does not sell or share user data. We deeply care about our users and their data, and would like to assure them that we securely handle their data and process it as per our Privacy Policy,” the spokesperson added.

When the court asked who were these partners benefitting from Truecaller, Posture named "Google India, Bharati Airtel, ICICI Bank", and claimed that several loan providing companies were also the beneficiaries of such data leaks by the app. Posture further said he had impleaded the Union government, the Maharashtra government, the state IT department, Truecaller international LLP, ICICI Bank, and the National Payment Corporation as respondent parties in the case. 

The government authorities approved Truecaller app "without proper checks and in contravention of the information security practices rules", Posture alleged. The High Court said this was a fit case for issuing notices. "The case of the petitioner is that Truecaller through its mobile application has indulged in an absolute breach of data privacy of citizens. 

He submits that such breach is contrary to data protection laws," the court said. "We have heard the petitioner for some time and we are of the opinion that a notice is required to be issued to respondents," it said, directing the respondent parties to reply to the notice within three weeks.