To enforce his right to privacy as enshrined in the Nigerian constitution, one Daniel John filed an application against True Software Scandinavia AB, the Swedish parent company of Truecaller. Filed in 2017, the suit is a class action in which Daniel John represents himself and other “non-users of Truecaller”.
It is now before the Court of Appeal, as the applicant calls on the higher court to reverse the judgement of the state high court in Lagos that struck out the said application on the 5th of July 2018.
Truecaller is popular in India and sub-Saharan Africa for caller identification and is reputedly the world’s largest phone book service. The app allows users to block spam calls, identify callers even when they aren’t contacts and search for contact details of other users. To provide these services, Truecaller collects data surrendered by registered users which include contact details stored on their devices, and from third-party platforms such as business directories, white and yellow pages and social media.
According to the app’s privacy policy, a wide range of user data may be collected, including: “IP address; device ID or unique identifier; device manufacturer and type; device and hardware settings; SIM card usage; applications installed on your device; ID for advertising; ad data, operating system; web browser; operator; IMSI; connection information; screen resolution; usage statistics; default communication applications; access to device address book; device log and event information; logs, keywords and metadata of incoming and outgoing calls and messages…”
In the suit against the company, the applicant contends that he is not a registered user of Truecaller, yet the software lists and publishes his name and phone number without his consent, thereby violating his right to privacy. Daniel John swears in his affidavit: “That I never gave my telephone numbers to the Respondent at any time and in any form.” And: “That I know as a fact that my telephone numbers are in the Respondent’s database and they release/publish them to their users without my consent.”
Section 37 of the Nigerian constitution provides that: “The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected.”
Represented by the law firm of Olumide Babalola LP, Daniel John applied to the state high court for eight reliefs which include a declaration that Truecaller’s action is unconstitutional, an injunction restraining the software from further publishing the details of non-users including himself, and general damages of five million naira.
Striking out the suit, the judgement of the high court faulted the service of the application on the respondent, True Software Scandinavia AB (which was not represented), citing irregularities. The state high court also declined jurisdiction over the suit saying that, although it is an application to enforce fundamental human rights that the state high court would ordinarily be able to entertain, the subject matter relates to ‘posts, telegraphs and telephones’ and is under the exclusive reserve of federal laws.
However, Ikeyi Shittu & Co, a Nigerian law firm, has been briefed and will now represent Truecaller in the appeal, as confirmed by a partner in the firm, Nduka Ikeyi: “We were engaged around the time the High Court of Lagos State dismissed the said matter on jurisdictional grounds.”
They declined further comment on particulars of the suit because the matter is in court.
In a related development, Nigeria’s National Information Technology Development Agency (NITDA) has announced that it is investigating Truecaller for noncompliance with the Nigeria Data Protection Regulation (NDPR). NITDA says its initial findings show that Truecaller is not in compliance with global laws on data protection as well as the NDPR, and particularly, it collects “far more information than it needs to provide its primary services”.
The press statement issued by NITDA stated that: “The findings also revealed that there are over 7 million Nigerians who are active users of the Service, hence the need to enlighten the public on some of the areas of non-compliance as well as guide those affected.”
The NDPR, which was not in force at the time Daniel John’s suit was filed, may now form part of the arsenal of legal authorities that other Nigerians will employ in a legal battle against Truecaller.
Privacy International, a UK-based charity that challenges privacy violations said it contacted Truecaller on the privacy implications of publishing details of non-users, in respect of a Journalist who was placed at risk because one of her sources uses Truecaller. In reply, the company highlighted the option for non-users to “unlist” themselves.
However, unlisting can only be effective where a user is already aware of being on Truecaller database and would prove useless for persons such as the said Journalist and Daniel John, who allegedly had no prior knowledge of Truecaller.