MUMBAI: The Bombay High Court on Wednesday issued notices to the Union and Maharashtra governments, among others, over a public interest litigation (PIL) claiming that the Truecaller mobile application "shared" user data breaching legal norms of the country.
A bench of Chief Justice Dipankar Datta and Justice GS Kulkarni was hearing a PIL filed by one Shashank Posture. "The Truecaller app collects data of all users. It shares such data with some of its partners without the consent of users, and dumps the liability on the user," the petitioner told the court.
"This is a manipulative set up because the user has no choice. The app also registers users for a Unified Payments Interface service without their consent, or without due process," Posture alleged.
When the court asked who were these partners benefitting from Truecaller, Posture named "Google India, Bharati Airtel, ICICI Bank", and claimed that several loan providing companies were also the beneficiaries of such data leaks by the app.
Posture further said he had impleaded the Union government, the Maharashtra government, the state IT department, Truecaller international LLP, ICICI Bank, and the National Payment Corporation as respondent parties in the case.
Posture alleged that the government authorities approved Truecaller app "without proper checks and in contravention of the information security practices rules".
The High Court said this was a fit case for issuing notices. "The case of the petitioner is that Truecaller through its mobile application has indulged in an absolute breach of data privacy of citizens. He submits that such breach is contrary to data protection laws," the court said.
"We have heard the petitioner for some time and we are of the opinion that a notice is required to be issued to respondents," it said, directing the respondent parties to reply to the notice within three weeks.
Truecaller, in a statement shared with The New Indian Express, said they are a privacy-focused service and do not sell or share user data.
"Truecaller data is safe, stored 100% in India (without any foreign backups or mirrors) and stored with the highest levels of protection," the company said, adding that it practises 'data minimisation' - taking only the data required to operate, and nothing else.