The Telecom Regulatory Authority of India (TRAI) has directed principal entities (PEs) such as banks, insurance companies, trading companies, financial institutions and other entities, to take urgent necessary steps to be onboard the digital consent acquisition (DCA) system as per the stipulated timelines.
TRAI has taken various measures in the recent past to curb the menace of spam through unsolicited commercial communications (UCC). In this pursuit, TRAI issued a direction dated June 2, 2023, under Telecom Commercial Communications Customer Preference Regulations, 2018 (TCCCPR, 2018) to all the access providers to develop and deploy the DCA facility for creating a unified platform and process to register customers’ consent digitally across all access service providers and PEs.
According to TRAI, in the prevalent system, consent is obtained and maintained by various PEs. Therefore, it is not possible for the access providers to check the veracity of consents. Further, there is no unified system for customers to provide or revoke consent. The DCA process has the facility to seek, maintain, and revoke the consents of customers, as per the processes envisaged under TCCCPR, 2018. The consent data so collected will be shared on distributed ledger technology (DLT) platform, established under TCCCPR, 2018 for commercial communications, for scrubbing by all access providers.
Under the system, a common short code ‘127xxx’ will be used for sending consent-seeking messages. The purpose, scope of consent, and PE/brand name shall be mentioned clearly in the consent-seeking message sent through the shortcode. Only whitelisted URLs/Android application packages (APKs)/over-the-top (OTT) links/call-back numbers, etc. shall be used in the consent-seeking messages. The consent acquisition confirmation message to the customers shall also have information related to the revocation of the consent. Further, access providers shall develop an SMS/online facility to register the unwillingness of the customers to receive any consent-seeking message initiated by any PE.
TRAI has specifically highlighted that after implementing DCA, the existing consents, acquired through alternative means, shall be rendered null and void and fresh consents will have to be sought by all PEs through digital means only.
The regulator has directed all the PEs to take urgent necessary steps to be onboard the DCA system as per the timelines prescribed in the direction dated June 2, 2023.