Trai moves to rein in spam calls with new digital consent rule

This comes amid concerns over unwanted calls and messages, which consumers continue to face from sectors such as banking, financial services and insurance (BFSI) and real estate, among others. This also assumes further salience as the government is expected to soon notify the rules to implement the digital personal data protection (DPDP) Act, after which the companies will have to seek consent from users before using their personal data. 

According to the telecom regulator, despite technical readiness by telecom operators, senders of promotional communication, also known as principal entities (PEs), including banks, have not onboarded the Consent Registration Function (CRF), which is leading to underutilization of infrastructure and proliferation of non-compliant commercial communications. 

Trai chairman Anil Kumar Lahoti told Mint, “The issue is that a lot of entities claim to have the consent of users for receiving commercial calls and messages. There have been complaints from users against those and it is difficult to verify those consents. Therefore, the regulator wants the consent to be recorded digitally and also integrated into the new consent mechanism."

“The move will significantly empower consumers and after the pilot with banks is done, other sectors will be onboarded soon," Lahoti said, adding that once the principal entities are onboarded, consumers will have control on the consent, digitally.

Also read: Spam call battle: Telcos win round against regulator

In June 2023, Trai mandated a digital consent acquisition (DCA) system for telcos to manage and verify customer consent for commercial communications. The system, implemented under Telecom Commercial Communications Customer Preference Regulations (TCCCPR), aims to curb unsolicited commercial communications (spam) by creating a unified platform for registering and maintaining customer consent digitally. 

The principal entities such as banks, insurance companies and other firms that send promotional messages to consumers were asked to register user consent for receiving such messages. Principal entities hire telemarketers, which need to be registered with telecom operators, to send commercial messages. However, there are some senders/principal entities that have not adopted the DCA system.

“To strengthen the Consent Registration Function, the Authority considers it essential to operationalize a simplified, scalable and consumer-centric CRF framework through a controlled Pilot Project running within a Regulatory Sandbox to validate operational feasibility, technical performance and regulatory conformance," Trai said in its directions dated 13 June to telecom operators. A copy of the directions was seen by Mint.

On 4 June, Mint reported that Trai is soon expected to come up with detailed guidelines on the DCA framework to expedite the implementation of the system.

Read this: Next-gen telecom tech to get ₹1,000-crore yearly R&D boost under telecom policy

A regulatory sandbox is a controlled environment set up by a regulator that allows companies—often startups or innovators—to test new products, services, or business models with real customers, but under relaxed regulatory supervision and limited scope.

Starting the consent management function first with the banks, the telecom regulator will also come up with a programme notifying sector-wise roll-out in phases upon successful completion of the current pilot project, it said in its directions, adding that telcos need to integrate end-to-end distributed ledger technology (DLT) systems for consent recording and revocation. 

An end-to-end DLT system for consent would ensure instant recording of permission to receive or withdraw promotional messages, simultaneous update to all the stakeholders, and no promotional message is sent without valid, verifiable consent.

Trai has asked telecom operators to launch media/digital campaigns within a month to educate consumers about the Pilot Project and consent revocation mechanisms. “Access providers should also create a page on their websites and mobile apps within 30 days and 60 days, respectively, reflecting the issuance of this direction, with suitable content related to the pilot project and the available registration and revocation processes," Trai said in the directions.

To be sure, the government has been lately cracking down on spam and illegal numbers. 

According to data from the Sanchar Saathi portal, the government has taken action on more than 2.6 million suspected fraud communications received from users. This includes blacklisting 211 principal entities, over 1 lakh SMS templates, and blocking over 100,000 mobile handsets.

Also read: Spam calls: Vodafone Idea, Jio, Airtel tap vendors for caller ID service

“Spam is a big menace for the last 20 years. While this spam issue is very complex to be resolved fully but this consent framework will surely bring in some respite for the consumers," said Satya N. Gupta, former principal advisor at Trai.

“It is important for Trai to bring telemarketers under some sort of authorization framework as they are the source of spam calls and messages. If properly implemented, it will benefit the people at large," Gupta added.

In a release dated 2 April, the communications ministry had said the Department of Telecommunications (DoT) disconnected approximately 175,000 direct inward dialing (DID)/landline telephone numbers that were found to be involved in unauthorized promotional activities and illegal activities. 

Detailing process for seeking user consent for promotional communication, Trai said banks will upload the customers' consents (bulk or incremental), on the respective portals (or through any other mechanism) of the Originating Access Provider, through which a call or message is originally sent.

Bulk consents mean those consents that were lawfully obtained by the respective entities such as banks prior to their onboarding onto the consent registration facility of the telecom operators. Incremental consents refer to the user consents collected by an entity after it has been onboarded onto the consent registration facility.

Also read: Airtel, Google team up to counter Jio’s free cloud blitz with 100 GB storage

Trai said the banks and participating entities will have to submit an online undertaking about the genuineness and correctness of the consents being uploaded. Once a user’s consent is collected, the Originating Access Provider (OAP) will forward the consent details to the relevant Terminating Access Provider (TAP) to register it on the DLT platform. 

After registration, the TAP will immediately send a confirmation SMS to the customer from the short code '127xxx', informing them about the recorded consent. This message will also include an option to opt out. If the customer chooses to opt out, the recorded consent will be deleted from the DLT platform. 

Trai said there will be an interoperable framework for secure and real-time sharing of consents and consent-related data. Besides, consumers will be informed fortnightly by the TAPs about the consents recorded on CRF, the mechanism for consent revocation, and weblink to the TAP's portal where consumers can securely see the complete details of concerned principal entities. 

Post completion of the pilot project, telcos will have to submit the report within 10 business days to the regulator, which will include consent lifecycle analysis, technical evaluation, user interface review, consumer feedback and feedback for commercial scaling of the framework, etc.

In a meeting with the Joint Committee of Regulators (JCOR) on 25 April, Trai said the modalities for onboarding senders of commercial communication on DCA platform were deliberated. Trai will also constitute working groups comprising its representatives, telecom operators, RBI and banks to ensure day-to-day monitoring and preparation of necessary reports during and post-completion of the pilot project.

“JCOR members agreed to engage with the senders/principal entities within their jurisdiction to onboard them on DCA," Trai had said. 

And read: Mint Explainer: Trai's latest crackdown on spam calls—inside the latest measures

JCOR includes representatives from the Reserve Bank of India, Insurance Regulatory and Development Authority of India, Pension Fund Regulatory and Development Authority, Securities and Exchange Board of India and the ministry of electronics and IT among others.

Trai has fined telcos more than ₹140 crore over the years for failing to curb spam. The Telecom Disputes Settlement and Appellate Tribunal (TDSAT) has imposed an interim stay on Trai’s order. The case is scheduled to be heard by TDSAT next month.