TRAI mandates Digital Consent Acquisition System to combat unsolicited messages in India's telecom sector

livemint.com:

insurance companies, trading companies, and more, are known as Principal Entities (PEs) or Senders. The existing system, where consents are managed separately by PEs, makes it challenging for Access Providers to verify the authenticity of consents. The DCA process will offer a solution by allowing customers to seek, maintain, and revoke their consent as per the regulations set out in TCCCPR-2018.

This consent data will be shared on a Distributed Ledger Technology (DLT) Platform, also established under TCCCPR-2018, for thorough scrutiny by all Access Providers. To make the consent process transparent and user-friendly, a common short code "127xxx" will be used for sending consent requests. These messages will clearly state the purpose, scope of consent, and the Principal Entity or brand name seeking consent.

Only whitelisted URLs, APKs, OTT links, and call-back numbers will be permitted in these messages. Customers will receive a confirmation message when their consent is acquired, including information on how to revoke their consent. Moreover, Access Providers are mandated to develop an SMS and online facility that allows customers to register their unwillingness to receive consent-seeking messages from any Principal Entity.

Importantly, it is emphasized that after the implementation of DCA, existing consents obtained through other means will become null and void. All Principal Entities must acquire fresh consents exclusively through digital means. This regulatory move is a significant step forward in the ongoing battle against unwanted commercial communications and spam messages.