Digital Consent Acquisition (DCA) in Compliance with TCCCPR-2018: A Step Towards Curbing Spam
It's important to note that, once DCA is implemented, existing consents obtained through other means will be considered invalid, and Principal Entities will need to secure fresh consents exclusively through digital channels.
In a bid to tackle the issue of unsolicited commercial communications (UCC), the Telecom Regulatory Authority of India (TRAI) has taken significant steps to regulate commercial messages sent via SMS or voice calls by various entities, including banks, financial institutions, insurance companies, trading firms, real estate companies, and more. These entities are known as Principal Entities (Pes) or Senders under the Telecom Commercial Communications Customer Preference Regulations, 2018 (TCCCPR-2018).
To address the problem of spam and maintain customer consent more effectively, TRAI issued a directive on June 2, 2023, under TCCCPR-2018. This directive instructs all Access Providers to establish and implement the Digital Consent Acquisition (DCA) system. The DCA system aims to create a unified platform and process for registering customers' consent digitally across all Access Service Providers and Principal Entities.
In the existing system, consent is obtained and managed by various Principal Entities, making it challenging for Access Providers to verify the authenticity of these consents. Furthermore, there is no unified system for customers to provide or revoke their consent. The DCA process addresses these issues by allowing customers to grant, maintain, and withdraw their consent in accordance with the processes outlined in TCCCPR-2018. The collected consent data will be shared on the Distributed Ledger Technology (DLT) Platform, established under TCCCPR-2018 for Commercial Communications. This platform will be used by all Access Providers for scrubbing and verification.
To streamline the consent-seeking process, a common short code, 127xxx, will be utilized for sending consent-seeking messages. These messages will clearly specify the purpose, scope of consent, and the name of the Principal Entity or brand. Only whitelisted URLs, APKs, OTT links, and call-back numbers will be permitted in these messages. Confirmation messages related to consent acquisition will also include information about how to revoke the consent. Access Providers will develop an SMS/online facility for customers to register their unwillingness to receive consent-seeking messages from any Principal Entity.
It's important to note that, once DCA is implemented, existing consents obtained through other means will be considered invalid, and Principal Entities will need to secure fresh consents exclusively through digital channels.
All Principal Entities are urged to take immediate action to integrate with the DCA system in accordance with the timelines specified in the directive issued on June 2, 2023. For any clarification, information, or details on this matter, Principal Entities can reach out to the relevant Access Providers.