The Data Commissioner has urged vigilance in the use of an ‘illegal’ website and application that shares highly personal information when a reverse telephone number search is run through its database.
The website and application –sync.me – is capable of providing personal details such as a person’s name, a photograph and address from a mere search of a person’s telephone number.
Even people who have never used the application or website are likely to be in the database because the application accesses users’ phone contacts and social networks.
It then makes all this information available to view on its public number-lookup website.
Even people who have never used the application or website are likely to be in the database
Sync.me says in its privacy policy it was gathering the data ostensibly to allow users to “identify callers and to block spam calls”.
The company says in its terms of use that users should have “all necessary permissions” to share their contacts’ information with the service. “The more our users ‘sync.me’ to identify numbers the more it helps us expand to grow within the sync.me community. Therefore, if you are unable to find a phone number now, within the next few days you may be able to find this unknown number.
“After installing sync.me, our users are then asked for permission to allow access to their address books in order to improve their phone search feature. Due to this, your number could have been integrated into our database,” the company’s privacy policy says.
People can ask to have their details removed by contacting the company directly. Questions sent to the company were not answered by the time of writing.
Contacted by the Times of Malta, a spokesman for the Data Commissioner said such reverse search mechanisms are illegal under EU regulations. Despite this, the Data Commissioner is powerless to act as the website is based in Israel.
“From limited information available to this office, this application, which seems to pick up mobile numbers and place them on the cloud where the ‘synchronisation’ process takes place, has its domain registered in Israel… It is clear that the processing operations undertaken by the company administering this website fall beyond the territorial scope contemplated under article 4 of the Data Protection Act.
“Consequently, the Commissioner has no jurisdiction to exercise his powers at law to investigate such website,” the spokesman said.
The Data Commissioner warned of the serious privacy risks posed by the website.
“Recognising the risks which this website, and any other similar websites that may emerge on the online digital platform, pose to data protection and privacy rights of Maltese and EU citizens, the Commissioner’s strong word of general advice is for everyone to be vigilant as to what personal information is made available on the internet and this coupled with the careful reading of the terms and conditions prior to consenting to an online service.
“This advice specifically applies to any Maltese citizen who may decide to subscribe to the services of this particular website,” the spokesman said.