Cold-callers vs Truecaller: Who's really the victim?
One reaction to the news that some companies complained to the Information Regulator because the Truecaller app harms their business by revealing their phone numbers, is: you have to be kidding.
These companies are the ones who invade your privacy by calling you at all hours with sales pitches in what could be a violation of Protection of Personal Information Act (Popia).
Some of them obtain your contact details in dubious ways, too. And yet now they are the victims?
The companies are upset that Truecaller flags their numbers as 'spam' if users have flagged them as such… and that the app charges a fee to 'whitelist' them.
ALSO READ: SA companies lodge complaint against Truecaller app for violating Popia
Experts say, though, that there's another side to the issue. If a company genuinely wants to contact a customer – as opposed to pitching for new business – and it is flagged, the call will automatically be blocked by Truecaller.
However, if that was really the case, we would say there are multiple channels to use to contact customers – via e-mail or messaging apps, for example.
Popia does not exist for many in the cold-calling industry, so why should we suddenly care that companies may be slightly prejudiced by Truecaller?
Stop annoying people and maybe we'd feel more sympathetic.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
IOL News
2 days ago
- IOL News
Navigating Employer and Employee Liability for Generative AI Use in South African Workplaces
How is generative AI reshaping South African workplaces, and what legal challenges do employers and employees face in this evolving landscape? Image: IOL / Ron AI The rapid adoption of generative AI technologies like ChatGPT has transformed South African workplaces since 2022, creating both unprecedented opportunities and complex legal challenges. This technological shift has prompted important conversations across various institutional settings, with educational institutions and the judiciary leading discussions on how to mainstream generative AI while maintaining ethical standards. However, the workplace context has received notably less attention in these discussions. This oversight becomes particularly concerning when considering the fundamental question of employee liability for using generative AI tools especially in environments where explicit workplace policies remain absent and AI-specific legislation has yet to emerge. This gap leaves employers and employees navigating uncharted territory, where the absence of specific guidance may force reliance on existing frameworks primarily the Protection of Personal Information Act (POPIA) and the Labour Relations Act (LRA) to interpret the legal implications of generative AI use in professional settings. POPIA's Application to AI Use POPIA has found unexpected relevance in the age of generative AI. While lawmakers could hardly have anticipated ChatGPT and similar tools, POPIA's principles may apply directly when employees use AI systems to process personal or confidential information about clients, colleagues, or third parties. Section 4's requirements that processing be lawful, reasonable, and respectful of data subject rights take on particular significance in the AI context. These conditions typically demand informed consent or another lawful basis such as contractual necessity or legitimate interest. The problem arises when employees input personal data into AI tools without proper authorisation, or due regard for processing limitations or rights of data subjects thus creating what POPIA unambiguously defines as unlawful processing. The individual employee's obligation intersects with broader institutional duties under Section 19, which requires organisations to implement appropriate security measures in securing the integrity and confidentiality of personal information. This creates a web of shared responsibility: employees who circumvent established protocols whether through careless data uploading or deliberate workarounds expose both themselves and their employers to liability for data breaches and privacy violations. The practical consequence proves straightforward yet sobering. Unauthorised or negligent AI use that results in personal data exposure constitutes unlawful processing regardless of whether explicit AI policies exist. Employees may face potential disciplinary action and legal consequences, while their employers could confront concurrent regulatory penalties and civil liability a dual exposure that many organisations have yet to fully grasp. Video Player is loading. Play Video Play Unmute Current Time 0:00 / Duration -:- Loaded : 0% Stream Type LIVE Seek to live, currently behind live LIVE Remaining Time - 0:00 This is a modal window. Beginning of dialog window. Escape will cancel and close the window. Text Color White Black Red Green Blue Yellow Magenta Cyan Transparency Opaque Semi-Transparent Background Color Black White Red Green Blue Yellow Magenta Cyan Transparency Opaque Semi-Transparent Transparent Window Color Black White Red Green Blue Yellow Magenta Cyan Transparency Transparent Semi-Transparent Opaque Font Size 50% 75% 100% 125% 150% 175% 200% 300% 400% Text Edge Style None Raised Depressed Uniform Dropshadow Font Family Proportional Sans-Serif Monospace Sans-Serif Proportional Serif Monospace Serif Casual Script Small Caps Reset restore all settings to the default values Done Close Modal Dialog End of dialog window. Advertisement Video Player is loading. Play Video Play Unmute Current Time 0:00 / Duration -:- Loaded : 0% Stream Type LIVE Seek to live, currently behind live LIVE Remaining Time - 0:00 This is a modal window. Beginning of dialog window. Escape will cancel and close the window. Text Color White Black Red Green Blue Yellow Magenta Cyan Transparency Opaque Semi-Transparent Background Color Black White Red Green Blue Yellow Magenta Cyan Transparency Opaque Semi-Transparent Transparent Window Color Black White Red Green Blue Yellow Magenta Cyan Transparency Transparent Semi-Transparent Opaque Font Size 50% 75% 100% 125% 150% 175% 200% 300% 400% Text Edge Style None Raised Depressed Uniform Dropshadow Font Family Proportional Sans-Serif Monospace Sans-Serif Proportional Serif Monospace Serif Casual Script Small Caps Reset restore all settings to the default values Done Close Modal Dialog End of dialog window. Next Stay Close ✕ Labour Law Framework and Employee Accountability From a labour law perspective, the absence of AI-specific legislation creates no legal safe harbour for employees. Fundamental obligations under employment contracts and workplace policies remain intact, with the LRA providing employers established mechanisms to potentially utilise in addressing AI-related 'misconduct.' Employment contracts commonly include confidentiality clauses that prohibit unauthorised disclosure of proprietary or sensitive information. Provisions that are seemingly adaptable to the AI era (if applied with caution). If an employee uses generative AI tools in a manner that transfers confidential data to unauthorised platforms or persons, this behaviour may breach contractual duties. Employers may then invoke disciplinary procedures under the LRA to address such misconduct, potentially leading to warnings, suspensions, or dismissal, depending on the severity. The scope of accountability extends beyond confidentiality to encompass intellectual property rights and workplace conduct standards. Misappropriation of IP through AI-generated content or failure to adhere to ethical guidelines regarding AI use provides legitimate grounds for employer action, even without explicit AI references in existing policies. However, employers may face challenges enforcing liability if no AI-specific rules exist and if employees claim ignorance of expectations. Changing Legal Landscape for South Africa and Use of AI The regulatory fog that has surrounded AI in South Africa is gradually lifting. The National AI Policy Framework, introduced in 2024, represents the government's first serious attempt to grapple with AI's dual nature its extraordinary promise alongside genuine risks that cannot be ignored. At its heart, the framework insists on human oversight, ensuring that AI systems augment rather than replace human decision-making. It also encompasses broader measures of accountability and transparency in AI system operations, including proactive efforts to identify and mitigate algorithmic bias, as well as design principles that ensure AI outputs are understandable and interpretable by users. The framework's most pragmatic promise lies in connecting AI governance to existing legal structures, particularly POPIA, rather than creating parallel regulatory systems. The policy also acknowledges an uncomfortable truth about South Africa's AI future: success depends heavily on developing local talent and expertise. Without substantial investment in the latter, the country risks becoming merely a consumer rather than a participant in the global AI economy. This framework shifts from a purely technical approach to insistence that AI applications embody fundamental South African constitutional values. Perhaps more pointedly, this declaratory position affirms that South Africa will not simply adopt AI technologies as they emerge, but will assume responsibility to shape implementation within the broader South African context. What employers can do in the interim while legal reforms are under way South African organisations face a pressing dilemma: while lawmakers struggle to keep pace with AI's rapid evolution, businesses cannot simply wait for regulatory clarity. The starting point being establishing acceptable AI use within the workplace. Rather than imposing blanket restrictions, effective governance distinguishes between applications that genuinely enhance productivity and those that introduce unacceptable legal or operational risks. Data protection presents the most immediate concern. POPIA's existing requirements make the casual uploading of sensitive information to public AI platforms a significant compliance hazard. Organisations that implement explicit authorisation protocols before any confidential data reaches AI systems not only avoid potential legal challenges but also demonstrate responsible stewardship of stakeholder information. Employee education proves equally crucial in this environment. Staff who understand the intersection between AI capabilities and legal obligations make fundamentally better decisions. Training that addresses privacy requirements, intellectual property implications, and the ways algorithmic bias can infiltrate business processes creates a workforce equipped to navigate uncertainty. Importantly, workplaces also benefit from establishing clear channels for reporting AI-related concerns, whether these involve misuse, security incidents, or unexpected system behaviour. This approach must be supported by comprehensive compliance management frameworks and risk mitigation strategies to enable early detection signs or issues before they escalate. * Sikhosonke Mayekiso is an attorney currently employed as a state law advisor at the Department of Justice and Constitutional Development. ** The views expressed do not necessarily reflect the views of IOL or Independent Media.
The South African
2 days ago
- The South African
Truecaller under investigation for violating THIS law
A fascinating case is underway that sees Truecaller under investigation for violating the Protection of Personal Information Act (POPIA). For those who are unaware, Truecaller is an excellent mobile app that helps identify unknown, direct marketer and spam callers. However, as of this week, the Information Regulator confirms it has put Truecaller under investigation. Direct marketers are complaining that the Trucaller app harms their businesses by flaging their numbers and sharing their information illegally. South Africans use the Truecaller app extensively to identify unknown calls, especially from call centre agents. The technology behind it uses an AI-based system that identifies and flags unwanted calls. However, the Information Regulator now confirms that Truecaller is being accused of interfering with the running of these direct-marketing companies, reports The Citizen . 'Only upon conclusion of the investigation will we make a pronouncement. The complainant alleges that Truecaller interferes with these companies' right to privacy,' confirmed the regulator. Meanwhile, law experts say the regulator would need to see concrete data showing that businesses have been affected by the mobile app. The privacy of information act, created to uphold the privacy of citizens, might be successfully used to uphold the rights of direct marketing companies. Image: File With Truecaller under investigation in South Africa, a fascinating case will ensue. The Information Regulator has very strict guidelines for direct marketers. As such, citizens have every right not to be contacted unwillingly. Therefore, the complainants must show a direct link that Truecaller is harming their business. But there's another side to the coin, because law experts say a strong argument can be made that Truecaller is at odds with several POPIA provisions. If a call centre phones a customer, and the number comes up as spam, naturally the customer won't answer that call. Here in lies the conundrum. How does a call centre then contact a customers and prevent Truecaller from reflecting the number as spam? Another way to shield yourself from spam calls is the Direct Marketing Association's opt-out service. Image: File As such, the Information Regulator needs to strike a balance between data privacy and people's rights still to do business. However, you can also be proactive in getting rid of unwanted spam. If you want to opt out from direct marketing calls, visit The Direct Marketing Association's opt-out service. Simply register your details, and those who are members of the association will no longer contact you. Nevertheless, with Truecaller under investigation for POPIA violations, the regulator's outcome will set a precedent for other tech platforms in South Africa. The regulator has previously fined companies as much as R5 million for breaches of POPIA. If found non-compliant, Truecaller might face similar or higher fines and/or data deletion enforcements. Let us know by leaving a comment below, or send a WhatsApp to 060 011 021 1. Subscribe to The South African website's newsletters and follow us on WhatsApp, Facebook, X and Bluesky for the latest news.
The Citizen
3 days ago
- The Citizen
'We are the voice of the people,' Truecaller says amid probe over privacy
SA companies and individuals have lodged a complaint against Truecaller for violating Popia. Call screening app, Truecaller, has refuted claims that their app harms businesses, saying every individual has an 'inherent fundamental right to know who is calling them and the company enables their users to exercise it'. This comes after the Information Regulator confirmed it is investigating a complaint against Truecaller by several companies and individuals for violating the Protection of Personal Information Act (Popia). South Africans use the app extensively to identify unknown calls, especially from call centre agents. However, companies have complained that the Trucaller app harms their businesses because it flags their numbers and charges a fee to whitelist them. Truecaller responds However, the company has denied the allegations. An official Truecaller spokesperson told The Citizen that its mission is to 'empower users and make their communication safe and trustworthy.' 'We uphold the highest standards of data practices, whether it's about putting users in control of the information they share with us, minimising what data is processed through our servers or even the ability to completely remove themselves from Truecaller without any restrictions whatsoever. 'Truecaller is about providing users with safety in communication. The notion about whitelisting is completely false,' Trucaller said. ALSO READ: SA companies lodge complaint against Truecaller app for violating Popia Whitelisting The spokesperson added that businesses cannot pay Truecaller for any sort of whitelisting services. 'Truecaller does not offer any sort of whitelisting service to any person or business, in any region, regardless of any fee. If a business spams Truecaller users, and users report it as a spammer, it will be marked as a spammer. It is our job to protect people from unwanted communication, and we will always uphold that promise,' the spokesperson said. Patriotic While Truecaller is a call screening app, the company emphasised a patriotic stance reminiscent of a political party. 'We are the voice of the people and allow them to choose who is a spammer and who is not. The fee that Truecaller charges is for the 'Truecaller for Business' service, which allows them to verify their correct business name and include a logo with their Truecaller profile.' 'Upon validating their ownership of the given number with Truecaller, they also receive a verified business badge, the spokesperson said. ALSO READ: South Africa's Information Regulator acts against FT Rams over privacy law breach The spokesperson said this ensures users know that the number has been validated by Truecaller, and it belongs to the business to which it is attributed. This, it says, helps avoid scams and impersonation-type fraud. Trucaller offers three paid packages for its services, Premium, Family and Gold with subscriptions starting at R199 per year for Premium to R1 490 per year for the Gold package. Lawyers weigh in Werksmans Attorneys director Ahmore Burger-Smidt said the call screening app was at odds with several Popia provisions. However, law firm Norton Rose Fulbright's Rosalind Lake told The Citizen the Information Regulator would need to show a direct link that businesses have been affected by the Truecaller app. ALSO READ: Information regulator slaps DoJ with R5m fine for contravening privacy act
