The Telecom Regulatory Authority of India (TRAI) has told businesses using digital marketing that they’ll have to obtain all-new consent records from customers in order to use a new mandatory unified platform that tracks consumer consent.
In an effort to curb mobile spam, TRAI issued a directive in June 2023 ordering access service providers to develop a Digital Consent Acquisition (DCA) facility that would provide a unified platform and process to digitally register consent from mobile users to receive marketing messages via SMS or voice.
The issue at hand was that data on consumer consent was collected and stored by the various businesses using telecoms for digital marketing. With all the consent data scattered across so many entities, access providers had no way to verify the accuracy of consent information. Meanwhile, consumers who wished to provide or revoke the consent had to do so via each individual business.
The DCA platform uses distributed ledger technology (DLT) technology to collect and maintain all consumer consent records in one place
The June order said that businesses in the banking, insurance, finance and trading sectors who use digital marketing channels should onboard the DCA platform by September 30, while all remaining businesses should do so by November 30.
On Tuesday, TRAI issued a notice reminding all businesses to take "urgent necessary steps" to onboard the DCA system according to its timeline.
The notice also informed them that once they do so, all existing consent records “shall be rendered null and void”.
In other words, businesses can’t just transfer existing consent records to the DCA platform. They have to send new consent-seeking messages via the DCA platform to users who have already given consent.
Under DCA guidelines, businesses must use a specific short code to send consent-seeking messages. The messages should clearly state who they’re from and the scope of the consent, and provide clear information on how users can revoke consent later.
The DCA also requires access providers to register those users who don’t want to receive consent-seeking messages at all.
