On 2nd June, 2023, TRAI issued a Direction under the Telecom Commercial Communication Customer Preference Regulations, 2018 (“TCCCPR”) to all the Access Providers (“APs”) to develop and deploy the Digital Consent Acquisition (“DCA”) facility. The DCA facility is a unified platform and process to register customers’ consent digitally across all service providers and Principal Entities (“PEs”) to curb spams through Unsolicited Commercial Communication (“UCC”) . A period of two months has been allocated for the development of the DCA facility and will be implementing the same in a phased manner.
Salient features of the Directive:
- Issues with Status-Quo: Under the Direction, the TRAI has made the following observations pertaining to UCC and compliance with the TCCCPR within the status-quo:
- promotional messages are being sent without scrubbing (verification) of the consents of the customers registered, and further, these messages are being sent under the Service Message category;
- APs have not developed uniform process for registering the consent of the subscribers, as envisaged in the regulations;
- the consents acquired by the PEs are being used by the APs without re-verification and updation as provided for in the regulations;
- DCA and Revocation facilities are yet to be developed and to be deployed by the APs;
- Direction to APs: Under the Direction, APs have been instructed to:
- Ensure that no promotional messages are sent without scrubbing of the consent and preference of the customers;
- Ensure that no promotional messages are sent under the Service Message category;
- Develop and deploy DCA facility to –
- Enable subscribers to record their consents and revoke the same as provided in the regulations.
- Ensure that short code 127xxx (or any other code as prescribed by the TRAI) are used by all the APs for sending consent seeking message.
- Develop a SMS/IVR/Online facility to register unwillingness of the customers to receive any consent seeking message initiated by any PE. APs will also be required to whitelist the telephone numbers of such customers and ensure that no consent seeking messages are delivered to them.
- Ensure that the scope and PE/Brand name is mentioned clearly in the consent seeking message sent through the short code.
- Ensure that PEs whitelist existing URLs/APKs/OTT links/CalI Back number within one month after development of DCA facility and after that only whitelisted URLs/APKs/OTT links/Call Back number and others as may be specified by the TRAI from time to time are used in the consent seeking messages.
- Ensure that the consent acquisition confirmation message sent to the customers also has information related to revocation of the consent.
- Ensure that if a customer has rejected or not responded to the consent seeking requests, no such messages to the customer are initiated by the same PE for next ninety days for the same consent. However, customers will have the right to initiate the consent registration request on their own.
- Ensure that PE initiated consent acquisition process should begin only one month after the DCA Facility is fully functional and advertised or thirty days after successful implementation of DCA, whichever is earlier, and until then, only customer-initiated consent acquisition process is followed.
- Ensure that in the first month after the commencement of the PE initiated Consent Acquisition process, PEs belonging to the Banking, Insurance, Finance and Trading related sectors are on-boarded to initiate Consent Acquisition process and the remaining sectors will be onboarded within the two month timeline.
- Educate the PEs about the process of taking consent and its verification through APs and facilitate the on-boarding of PEs.
- Give wide publicity through various media including print media to the Digital Consent Acquisition/Revocation/whitelisting process for user awareness.
- No other mode of consent acquisition process can be adopted after successful implementation of the DCA platform.
The Direction is a much needed development in light of the significant rise in UCC spam over the past few years. TRAI has been continuously engaged in developing measures aimed at curbing UCC, including the development of a Do Not Disturb application, as well as, constant efforts aimed at ensuring compliance with header and content registration requirements. It is pertinent to note that the TCCCPR has pre-existing obligations for APs to develop/cause to develop an ecosystem to regulate the delivery of the commercial communications, including the facility to record consents of the subscribers acquired by the senders for sending commercial communication, maintenance of complete and accurate records of the consents and revocation of consent by its subscribers, in furtherance of which the consent records will be updated. Further, it is also the obligation of APs to ensure that no commercial communication is made to any recipient, except as per the preferences or digitally registered consents registered in accordance with the TCCCPR. Accordingly, this Direction will be a step further in providing APs with the ability to verify such consents and will be extremely beneficial for subscribers at large.
The Direction will be implemented phase-wise, with the first phase pertaining to only subscriber-initiated consent acquisition and subsequent steps will include PE initiated consent acquisition as well.