Good news about Truecaller in South Africa

The Information Regulator has not received any complaints about Truecaller breaching South Africa’s Protection of Personal Information Act (Popia), the agency’s senior communication manager, Nomzamo Zondi, has told MyBroadband.

This follows several legal experts warning that the popular spam call identification app might have broken the law by previously encouraging users to upload their phone address books to its platform.

Truecaller asked users to upload their contacts in exchange for accessing certain features and attempted to shift the responsibility onto subscribers by stating in its terms and conditions that users must obtain the necessary consent.

However, Werksmans Attorneys regulatory practice head Ahmore Burger-Smidt warned that this potentially violated Popia in two specific ways.

Firstly, the law states that personal information may not be transferred outside of South Africa unless the foreign entity has binding corporate rules or agreements that comply with Popia.

Secondly, Burger-Smidt highlighted that it was entirely possible that non-subscribers did not know their data had been uploaded and that Truecaller was using it.

She said that although Truecaller’s terms and conditions try to pass the buck to users, it remains the party determining the mandate and process for collecting the personal information.

Therefore, Truecaller was still the “responsible party” in Popia parlance and cannot be absolved of its responsibilities simply because it collected the information from a subscriber.

She acknowledged that Truecaller does provide a function that allows non-users to unlist their numbers, but said the problem is how those users would know their data had been collected in the first place.

“To this end, Truecaller should notify, by SMS or email, each person who is added to its database,” Burger-Smidt argued.

That person may then be directed to the Truecaller privacy policy and be informed of their ability to delist.

Truecaller global head of corporate communications Hitesh Bhagat denied that the app violates privacy laws by harvesting users’ contacts.

Bhagat said one of the biggest misconceptions people have about Truecaller was that it required access to a user’s contacts during signup.

“You shouldn’t confuse ‘contacts access’ with ‘contacts upload,'” he said.

He explained that Truecaller’s call screening feature requests access to contacts lists to determine whether the person calling is a contact.

If they are a contact, then the app will disengage from the call and allow you to answer your contact.

However, if the caller is not one of your contacts, it intercepts and screens the number calling you.

Bhagat said that the primary reason for needing access to contacts is screening them to see whether they are in a user’s contacts.

“There are other reasons as well. Truecaller is a dialer application,” he said.

However, Bhagat failed to mention that Truecaller asked users to upload their address books in exchange for access to its Enhanced Search functionality.

Enhanced Search has been stripped from versions of Truecaller that are listed on Google and Apple’s official app stores to comply with their terms and conditions.

However, users who downloaded the Android app from Truecaller’s website and side-loaded it could still access Enhanced Search by uploading their contacts.

MyBroadband previously asked Truecaller whether it would consider implementing a notification system as suggested by Burger-Smidt, but it sidestepped the question.

Instead, it explained that it tried to balance people’s right to know who’s calling them with their right to privacy.

“Every individual has an inherent fundamental right to know who is calling them, and we enable our users to exercise it,” a Truecaller spokesperson told MyBroadband.

“Like any other similarly placed global service, we are subject to varying requirements across jurisdictions,” they continued.

“Our service and policies are designed to comply with local laws and varying global requirements in a coherent, conducive, and harmonised manner.”

Truecaller said its privacy-first approach was further demonstrated in its ability to let users edit their profile, rectify and download their data, and deactivate their accounts from within the app.

Burger-Smidt praised Truecaller’s functionality and said the strides being made in techno-globalisation are something to be embraced and celebrated.

However, she said the wonders of our technocentric world should always be scrutinised in the context of whose personal information is collected, how the data is accessed, and what it is used for.

Regarding whether the Information Regulator would investigate Truecaller, Zondi said that people are welcome to file a complaint for them to consider.

“We encourage people to lodge complaints in this regard so that this matter can be attended to by the regulator,” she said.