DPDPA 2023 is a special law for protecting the “Privacy” of individuals in the digital space. It works closely with ITA 2000 in terms of Sections 43, 46 (Adjudication), 72A (Processors), 67C (Retention) and several other sections where “Personal Data” is the subject matter of law.
Additionally the Consumer Protection Act had also imposed certain responsibilities on the use of “Dark Patterns” by Data Fiduciaries making it a criminal offence in certain contexts.
Now TRAI has also amended the Telecom Commercial Communications Customer Preference Regulations (TCCCPR) 2018 to include certain guidelines which incidentally will be considered as “Due Diligence”/”Reasonable Security Safeguards” under DPDPA 2023.
One of the main concerns of the data principals is the unregulated spamming by way of telephone and SMS messaging by different operators. In the Singapore PDPPA 2012, a separate chapter is devoted for handling obligations related to “Do Not Call Registry “.
In India the DND registry has been in place for some time but the consumers had continued to get spam calls until recently when it has shown a decline. Now the recent amendments will further bring the spamming from Telecom companies under control.
Some time back TRAI wanted the display of the name of the caller based on the SIM registration data. But this seems to have been opposed and TRAI is now trying to introduce identifiers to the call numbers and messages so that recipients can distinguish the calls from the number itself.
It is now proposed that the messages would be distinguished by prefixes such as P for Promotional, S for Service, T for transactional and G for Government. For calls, the 140 series will be used for promotional calls, while the 1600 series is allocated for transactional and service calls, allowing recipients to easily identify the nature of the communication.
All senders and telemarketers must undergo physical verification, biometric authentication and mobile numbers linking to enhance security. There is a need to ensure that complaint filing mechanism is simplified and Operators maintain detailed records of complaints and sender information for quick identification of violators.
The telecom operators need to also monitor the call and SMS patterns to identify unusual activity such as high call volumes and short call durations which may signal spam. Operators also need to deploy honeypots to monitor emerging spam trends.
As regards consent requests, if a customer opts out of promotional messages, senders are prohibited from seeking consent once again for 90 days. Further, consent for an ongoing transaction will have a validity limitation of 7 days.
These regulations may be considered necessary due diligence for DPDPA Compliance in the Telecom companies.
The penalties may also be increased with Rs 2 lakhs for first violation, 5 lakhs for second and Rs 10 lakhs for subsequent violations when there is mis reporting of Unsolicited Commercial Communications. (UCC). Repeat offenders may face suspension of all telecom resources with a 15 day suspension to start with and black listing for subsequent violations.
When the spamming is undertaken by any other company such as the Banks, Stock brokers or Insurance agencies since the telemarketing facility is under the regulation of TRAI, the penalties envisaged above may also be made applicable on them though they may come under different sectoral regulators for their operations.
There is one issue however that if there is a penalty imposed under TRAI act for spamming , DPB may not be able to impose its penalties in the same context as it would become “double jeopardy”. When such complaints are received by DPB, it may exercise the option to direct the complaints to the sectoral regulators to the extent possible.
We suppose that these changes could reduce some of the spamming by the Telecom Companies.
Naavi
