TrueCaller in Turmoil: The Silent Databases You Never Agreed To

April 14, 2022

“You have my number, but you don’t have my consent.” This was a key marketing statement from TrueCaller in #ItsNotOk, its campaign against the harassment of women through their mobile phones. While this is a noble campaign to be sure, it is hard not to see the irony in that quote, considering TrueCaller's own history when it comes to consent and its use of the information it receives.
TrueCaller is a smartphone application that was developed by True Software Scandinavia in 2009. The company's vision is to provide services that identify incoming calls from unknown numbers, to help block spam callers, organize inboxes, and promote user safety. However, this vision cannot properly be achieved if the underlying database is compromised, which was the case with TrueCaller.

 

What is the relationship between TrueCaller and India?

For TrueCaller, India is the largest market, with over 220 million active users. India accounts for about 70% of TrueCaller’s 300 million active users worldwide. TrueCaller is also used by around 50% of India's smartphone users, up from 35% just two years before. This number is only expected to grow, as estimates suggest that India could have around 700-800 million actively connected smartphones by the end of 2024.
In addition, the country is home to a large portion of the company's workforce, with 170 of its roughly 300 employees located in India. So, there may be some questions about how TrueCaller will handle the new Personal Data Protection Bill that has been drafted and examined in the Indian Parliament. This Bill has been worked on and amended since the original draft in 2019, and aims to provide a stronger foundation and a comprehensive legal framework for data protection.

TrueCaller is a smartphone application with caller ID, call blocking, flash messaging, call recording, chat and voice over Internet features.

A multi-week investigation was conducted by The Caravan to highlight the profit TrueCaller has made from the current lack of a comprehensive legal framework for data protection in India. The report published by The Caravan states that people’s sensitive data is being made public without their consent. The author of The Caravan report was contacted by a journalist in Pakistan who was able to identify the author by name, phone number, and WhatsApp account using TrueCaller, without the author being made aware that their information was being used. One person, a systems engineer and business director, lost deals that could have been worth over $13,000 because promotional messages were sent to contacts from their phone without their consent. TrueCaller is silently building its huge database through third-party APIs, and has managed to acquire around 5.7 billion phone numbers with the identities of the persons attached to them.

Is TrueCaller taking advantage of the lack of legal framework in India to publicly display these users’ private information?

Co-founder Alan Mamedi denies taking advantage of the lack of a comprehensive legal framework in India to publicly display users’ private information without their consent. This private information included a user’s phone number, designation, organization name, and other metadata. Additionally, it could be determined whether the user’s number is used on WhatsApp. TrueCaller responded to the allegations by promising that users’ data is safe and reaffirming that TrueCaller does not sell users’ data. In its statement, the Stockholm-based company also said it has strict security and governance measures in place. Furthermore, TrueCaller appears bullish on its growth potential and does not feel the proposed new Personal Data Protection Bill will affect the company’s profit.

However, The Caravan’s report also indicates that the company may be building a complete financial profile of its registered users, again without their consent. TrueCaller also denied the report's claim that the company may be building financial profiles of its users: “TrueCaller does not have the ability to build financial profiles. In addition, we would like to point out that TrueCaller exited the UPI and payments business in March 2021. We have exited both UPI and payments as well as digital lending. Digital lending was on a trial basis, in partnership with NBFCs.”

TrueCaller And The Balance Between The Public Good And The Value of Privacy?

TrueCaller points out that it is committed to complying with over 150 data regulatory regimes and regulations that the company is subject to. TrueCaller goes on to define its privacy policy as robust and protective of users’ rights. However, in discussions in New Delhi about future Indian legislation, the Swedish company says that “an individual’s expectation to keep their name and phone number private when making a call is outweighed by the critical public interest and public safety concerns that caller ID addresses.”

TrueCaller is optimistic about its growth in India as Alan Mamedi’s company does not see any potential challenges for the company’s growth due to the country’s upcoming data protection law. On the contrary, the company stressed that it remains fully compliant with Indian regulations. That said, the biggest challenge will be how to locate and move all the servers and infrastructure to India.

Finally, TrueCaller’s statement answers all the allegations made in The Caravan report one by one. The company said that it relies deeply on the trust and communication it has with its users and assured people that it handles their data securely. The Swedish company is committed to being compliant with the Indian regulations as soon as they come into effect.

As with many international applications, care must be taken in the use and transfer of this personal data, but also in its social establishment. TrueCaller is committed to respecting privacy principles by limiting the collection and use of data to that which is relevant to their services. The concepts of data protection are different in different countries and can be interpreted and understood in different ways. TrueCaller’s mission is to build trust in communication, but for trust to be established there must be honesty and accountability. We hope that the future Indian legislation will allow TrueCaller to control the collection of data if they do not decide to relocate to a more flexible country regarding data protection.

Victoria Derumier

Data Protection Manager
