The Bombay High Court, on Wednesday, July 7, issued notices to the Centre and the Maharashtra government over allegations of the data breach against the mobile application Truecaller.
A bench of Chief Justice Dipankar Datta and Justice G S Kulkarni issued the notices while hearing a Public Interest Litigation (PIL) filed by Shashank Posture.
Posture claimed the company shared the user data with some of its partners without the former's consent. The PIL alleged that Truecaller's operation of shared data is illegal and qualifies for breach of privacy, LiveLaw reported.
The PIL accused the government authorities of allowing the application and allowing it to function without due checks and transgression of the information security rules.
This is the company's 'manipulative step' as the user is left with no choice but to take the liability, he added. In addition, the application also registers users for a Unified Payments Interface (UPI) service without consent and due process, Posture told the Court.
Beneficiaries Of Breached Data
Google India Pvt. Ltd., telecommunications company Bharati Airtel, and the ICICI Bank were the partner beneficiaries of the users' data. The PIL claimed that the companies which provide loans were also among the beneficiaries.
Apart from the Centre and Maharashtra government, the petitioner has also prosecuted the state IT department, Truecaller international LLP, ICICI Bank, and the National Payment Corporation as the respondent in the matter.
After hearing the petitioner, the Bench issued notices to the listed companies and the governments, stating that Truecaller indulges in an absolute privacy breach of the citizens and contravention to the data protection laws. The respondents have three weeks to submit the reply in the case.
Truecaller Refutes Allegations Of Data Breach
A Truecaller spokesperson told The Logical Indian that the company has not received any formal communication regarding the PIL and would release the statement once they receive more details of the case.
For the media reports, the spokesperson denied sharing the data with certain third parties for financial benefits. The company said it discontinued UPI payments services to the users and has not signed up any new users on UPI since August 2019.
"Truecaller is a privacy-focused service built on trust. We are compliant with data privacy laws and stand ready to comply with other data protection laws anywhere in the world. In addition, Truecaller practices' data minimisation' - taking only the data required for our service to work, and nothing else," an official statement further added.