NextFin News - Truecaller is signaling a rare willingness to overhaul its core application features in South Africa as the country’s Information Regulator intensifies a probe into potential privacy violations. Mmathebe Zvobwo, Truecaller’s director for market development in South Africa, confirmed on Wednesday that the Swedish-headquartered company has submitted formal responses to the regulator following a complaint alleging multiple breaches of the Protection of Personal Information Act (POPIA). The investigation, which has been simmering since late 2024, centers on how the caller-identification giant processes the data of millions of South Africans, including those who have never downloaded the app.
The friction lies in Truecaller’s fundamental architecture. By crowdsourcing contact lists from its users, the app creates a global directory that identifies callers for its 400 million active users. However, South African law requires that personal information be processed only with the subject's consent or for a legitimate purpose that does not disproportionately infringe on privacy. For the Information Regulator, the "legitimate purpose" of blocking spam is increasingly clashing with the rights of non-users whose names and numbers are uploaded to Truecaller’s servers without their knowledge. Zvobwo’s recent comments suggest that the company is no longer merely defending its existing model but is preparing for a scenario where the regulator mandates structural changes to how the app operates within South African borders.
South Africa represents a critical, high-stakes market for Truecaller. The country is plagued by one of the highest rates of phone-based fraud and telemarketing globally, making the app’s spam-filtering utility almost essential for daily life. Yet, the Information Regulator has grown more assertive under its 2026/27 performance plan, which prioritizes enforcement over education. If the regulator finds that Truecaller’s "enhanced search" or contact-uploading features violate POPIA, the company may be forced to implement a "South Africa-only" version of the app. This could involve stricter opt-in requirements for contact sharing or a more transparent mechanism for non-users to delist themselves—a move that would satisfy local law but potentially degrade the accuracy of the app’s identification engine.
The outcome of this probe will serve as a bellwether for other tech multinationals operating in the region. Unlike previous years where regulatory threats often ended in minor fines or "slaps on the wrist," the current climate under the Information Regulator suggests a shift toward mandatory product redesigns. For Truecaller, the challenge is maintaining the network effect that makes its service valuable while stripping away the data-gathering practices that regulators now view as predatory. Zvobwo emphasized that the company remains collaborative, waiting for the regulator’s final findings before pulling the trigger on specific feature removals or modifications.
Investors and privacy advocates are watching closely to see if Truecaller’s concessions in South Africa will trigger a domino effect in other jurisdictions with similar data protection frameworks, such as Nigeria or Kenya. By indicating an openness to change, Truecaller is attempting to preempt a scorched-earth enforcement action that could see the app banned or heavily restricted. The company is betting that a slightly less powerful app is a price worth paying to remain the dominant gatekeeper of South African telecommunications. As the investigation nears its conclusion, the tech industry is about to learn exactly where the line is drawn between public utility and private intrusion.
Explore more exclusive insights at nextfin.ai.
