The Telecom Regulatory Authority of India (TRAI) has directed various entities, including banks, financial institutions, insurance companies, trading companies, and others, to seek fresh explicit consent from telecom subscribers through Digital Consent Acquisition (DCA) for sending any Commercial Communications.
TRAI DCA Directive
In an effort to combat the menace of unsolicited commercial communications (UCC) and spam, TRAI issued a directive in June 2023, mandating all Access Providers to develop and deploy the DCA facility. This initiative aims to establish a unified platform and process for customers to digitally register their consent for receiving commercial messages via SMS or voice calls.
The move comes in response to various entities, including banks, financial institutions, insurance companies, trading companies, and others, sending commercial messages to telecom subscribers, often causing inconvenience. These entities are commonly referred to as Principal Entities (PEs) or Senders under the Telecom Commercial Communications Customer Preference Regulations, 2018 (TCCCPR-2018).
Challenges in the Prevailing System
The prevailing system of consent collection has posed challenges, as consents were obtained and maintained by different PEs, making it difficult for Access Providers to verify their authenticity. Additionally, there was no unified system for customers to provide or withdraw their consent.
Digital Consent Acquisition Process
Under the newly introduced Digital Consent Acquisition (DCA) process, customers can seek, maintain, and revoke their consents digitally, aligning with the regulations. The collected consent data will be shared on the Distributed Ledger Technology (DLT) Platform, established under TCCCPR-2018 for Commercial Communications. This platform will enable scrubbing by all Access Providers to ensure compliance with customer preferences.
" To streamline the process, a common short code, 127xxx, will be used for sending consent-seeking messages. These messages will explicitly state the purpose, scope of consent, and the Principal Entity/Brand name. Only whitelisted URLs, APKs, OTT links, call-back numbers, and other approved elements will be permitted in these messages. Furthermore, the consent acquisition confirmation messages will include information on how customers can revoke their consent," said TRAI in a statement.
Access Providers are required to develop an SMS/Online facility that allows customers to register their unwillingness to receive any consent-seeking messages initiated by any Principal Entity.
The regulator specifically highlighted that after the implementation of the DCA, existing consents acquired through alternative means will be rendered null and void. To ensure compliance with the new regulations, all Principal Entities will need to obtain fresh consent exclusively through digital means.
TRAI's DCA initiative marks a significant step toward enhancing customer preferences and reducing the inconvenience caused by unsolicited commercial communications.