Friday, the 27th of July 2018, marked an eventful chapter in India’s drive towards protecting the rights of its citizens in data economy. Recommendations of the Justice Srikrishna committee on the ‘Personal Data Protection Bill’ generated immense interest both within India and globally. Both traditional and social media were abuzz with their opinion, views, debates and discussions. Consumer polls, coupled with experts, chimed in with their perspectives, so much so that some even pronounced their own ‘judgment’.
Barely a week before this mega event, on Thursday, July 19, the Telecom Regulatory Authority of India (TRAI) issued a 113-page clear and comprehensive pro-consumer but rather low-key notification entitled ‘The Telecom Commercial Communication Customer Preference Regulations’ (TCCCPR). This event attracted barely a murmur, even though it was just as historic. In fact, this is probably the first technology-driven major customer protection regulation that has ever been seen in India and probably in any country.
The key trigger point for the TRAI regulations was the fact that despite the popularity of processes like DND (Do Not Disturb, also known as the National Do Not Call Registry, or NDNC) which have had lakhs of users signed up, innumerable hapless consumers continue to get bombarded by unsolicited calls/messages on a daily basis. So much so that these calls have almost degenerated from nuisance to harassment.
Unsolicited Commercial Communications (UCC), or pesky unwanted calls or SMS, in common parlance, have been plaguing Indian mobile users for many years now. Successive regulatory bodies have battled this problem with limited success. TRAI came out with its first framework to curb the UCC menace as early as in June 2007, and then a revised TCCCPR in December 2010. The problems of UCC continued and the authority valiantly battled on with 16 amendments to its TCCCPR 2010 by 2014, and a Direction in August 2017. However, these heroic efforts did not eliminate the menace.
Operators have also been trying hard, but have had to plead helplessness due to bulk SMS providers and unauthorised agents who have sourced the data from leaks within the merchant ecosystem. All parties within the ecosystem agree that the vexing problem needs addressing.
A key nuance for any proposed solution has to take into account the fact that guidelines laid for tight implementation of commercial communication in no way create any kind of roadblocks or hurdles for the swift and seamless delivery of such messages to end-consumers.
From a regulatory perspective, a bigger challenge presented itself. If commercial communication could not be bound to respect data privacy (from entities operating within the country and in a highly regulated industry like telecom), what hope do we have of protecting the data privacy rights of our citizenry in the global realm of OTT services?
The ability to protect what is in our control is very much the first step towards guaranteeing the implementation of any new laws or policies. What is most impressive about TRAI’s proposed regulation is that it not only addresses the above listed problems, but also provides an extremely practical and detailed mechanism to implement the same. For the first time, a modern technology—Distributed Ledger Technology, or blockchain—is being invoked for bailing out the harassed customer.
Unlike regulations seen in other parts of the world regarding data privacy, this one stands out for the following reasons:
1. It is useful in a concept like GDPR, i.e. protecting the privacy rights of the citizens from unwanted messages. However, unlike other policies, it focuses on a single problem—commercial communication—and addresses its resolution in a holistic manner. Thereby, there is complete clarity for all parties on what exactly needs to be done and their respective roles in the protection exercise.
2. It is simple to understand and detailed on execution. Unlike regulations that are generally strong in theory and lacking in the specifics, this one not only specifies what needs to be done, but also provides technological and process guidelines on implementation. These include recommendations on technologies like blockchain and AI in specific areas, to keep the solution future-proof, scalable and cost-effective.
3. It is good for all as it protects citizens’ rights while maintaining business interests of trade and industry. Telecom operators, commercial entities, campaign management providers can all guarantee their revenues in the midst of dwindling messaging services. In short, a win-win for all the parties. This is clearly brought out by TRAI in its explanatory memorandum in Sections 11.6.1 to 11.6.4.
(a) Operators can potentially charge higher for authorised commercial content as well as enter into longer-term agreements with entities which mandatorily use transactional messages;
(b) Institutions like financial firms can guarantee customer privacy without the fear of unauthorised customer data access;
(c) Bulk campaign management providers can differentiate themselves through their best practices compared to the competition.
4. More importantly, the regulation allows for ecosystem providers to define their own set of ‘code of practices’ and self-regulate on the basis of ‘assumed compliance’. Regulatory bodies would only intervene to enforce in case of customer complaints showing non-compliance.
5. Finally, the key concept of fairness of ‘consent’ is well-addressed.
By embracing all of the above, regulators and ecosystem providers have shown their strong and deep commitment in building data-driven economy and also showing direction to other countries. These regulations embody technology, innovation and leadership in swiftly addressing a global top-of-mind problem. Moreover, the investment for implementing the new regulation could possibly be leveraged to deploy the technology for other revenue-generating apps and thus provide a reasonable Return on Investment. Truly, this historic regulation needs to get its well-deserved recognition and earliest implementation in our country.
By- TV Ramachandran and Kartik Raja. Ramachandran is President, Broadband India Forum; Raja is CEO, Phimetrics India Ltd. (Views are personal)