The Telecom Commercial Communications Customer Preference Regulations, 2018 is a significant step towards regulating unsolicited commercial communication. The Regulations confer wide powers on access providers to deal with unsolicited commercial communication and provide for granular customer preferences and consent to be considered while sending commercial communication.
The Telecom Commercial Communications Customer Preference Regulations, 2018 (2018 Regulations) issued by the Telecom Regulatory Authority of India (TRAI) provide a revised regulatory framework aimed at regulating 'unsolicited commercial communication' (UCC) in India. The 2018 Regulations will take effect in a phased manner over a period of 150 days from 19 July 2018 and will replace the Telecom Commercial Communications Customer Preference Regulations, 2010 (2010 Regulations).
The new regulatory framework has devolved control and regulatory powers to access providers, who are now required to establish their own codes of practice (CoPs) to deal with UCC. This is a significant change from the 2010 Regulations, which tried to regulate the telemarketers directly. This will impact most companies which provide B2C services across sectors.
The 2018 Regulations provide for a wide range of customer preferences which are to be implemented in near real time using Distributed Ledger Technology (DLT) to make communications traceable and capable of being controlled effectively. The 2018 Regulations also provide for the use of cloud-based solutions for handling complaints, the registration of headers and preferences, and use of smart contracts for automated allocation of roles between entities in the commercial communication ecosystem. The technology-based solutions are required to be tested in regulatory sandboxes under the oversight of the TRAI.
This update provides a snapshot of the key requirements and compliances for different participants in the ecosystem and a brief comparison of the significant changes in the regime governing commercial communication.
1. Key Definitions
Commercial Communication and UCC
Commercial communication is defined as any voice call or message using telecom services, where the primary purpose is to inform, advertise, or solicit business for, (a) goods or services, (b) a supplier or prospective supplier of goods or services, (c) business or investment opportunities, or (d) a provider or prospective provider of such opportunities.
UCC is defined as commercial communication that is not in accordance with the consent or the registered preferences of telecom subscribers. Transactional messages or calls, service messages or calls and communications made under the direction of the Central Government and the TRAI are excluded from the scope of UCC.
Transactional and service messages or calls
Transactional messages or calls are those triggered by a transaction performed by the subscriber, such as a banking transaction, delivery of OTP and purchase of goods and services. These messages or calls must be sent within thirty minutes of the transaction.
Service messages or calls are sent to subscribers with their consent and for facilitating, confirming or completing transactions, providing warranty information, product recall information, or security information about commercial products or services bought by the recipient.
The 2010 Regulations categorised commercial communications into transactional messages and non-transactional messages but did not contain any specific provision with respect to transactional calls. Further, transactional messages were not subject to customer preferences and were defined broadly to include any message received as part of availing goods or services.
The 2018 Regulations take a more nuanced approach to categorising commercial communications. The specific inclusion of transactional and service calls will exempt from the scope of UCC, calls made by entities in relation to their business based on consent.
2. Access Providers
The 2010 Regulations required telemarketers to register with the TRAI and scrub the National Customer Preference Register (NCPR) to ensure that their communications were in accordance with customer preferences. Telemarketers were made accountable to access providers who were in turn accountable to the TRAI.
Under the 2018 Regulations, access providers are required to act as co-regulators and are responsible for registering all entities making commercial communications and ensuring their compliance with the 2018 Regulations. This is a significant shift in the way telemarketing will be regulated in India. The 2018 Regulations lay down the broad regulatory requirements, and access providers must implement them in practice through CoPs approved by the TRAI.
Access providers, in consultation with each other, are required to prepare CoPs that address entities, customer preferences, handling of complaints, UCC, and monthly reporting requirements to the TRAI. Therefore, the compliance requirements applicable to a sender under the 2018 Regulations will depend upon the CoPs of the specific access provider providing the telecom resources to such sender. This is likely to create non-uniform practices in the market, but the TRAI's intention seems to be to let the market determine the best possible ways to deal with UCC. In any event, the TRAI will have oversight over the CoPs which will ensure that it does not deviate from the stated objectives.
The 2018 Regulations require access providers to prepare a migration plan for existing data and for the processes and roles played by different entities. Databases under the control of the TRAI such as the NCPR are required to be migrated, and consents and preferences are required to be registered with access providers in accordance with access provider's migration plan. CoPs in this regard will have to adopted by the access providers by 16 November 2018.
3. Registration Requirements and Compliance
A 'telemarketer' is defined as a person or a legal entity who is engaged in the activity of transmission or delivery of commercial communication, scrubbing or aggregation.
A 'sender' in relation to a commercial communication includes the person or legal entity making the commercial communication, as well as the person or entity on whose behalf such communication is made and any person or entity dealing with the goods, services, business or investment opportunities being marketed through the commercial communication. Upon a literal reading of this definition, businesses that contract telemarketers for making commercial communications on their behalf would fall within its scope, implying that such businesses will require registration as telemarketers. The 2010 Regulations only mandated entities carrying out the telemarketing activities to register as telemarketers.
Under the 2018 Regulations, all senders of commercial communications are required to be registered with access providers. Senders without a telemarketer registration may have their telecom services capped, and upon repeat violation, telecom services provided to the sender may be disconnected altogether. Senders of commercial communication must also register (a) content templates for the different kinds of commercial communications (transactional messages, service messages and promotional messages); and (b) a template for obtaining consent from the message or call recipients, for each type of commercial communication. The consent template must indicate the sender and the purpose of the commercial communications. Each sender of commercial communication would be assigned a unique alpha numeric header upon registration. Businesses previously sending transactional and promotional messages under the 2010 Regulations may face additional compliance requirements under the new regime with respect to submitting and adhering to content and consent templates for their commercial communication.
4. Customer Preferences
Consent under the 2018 Regulations
Consent may be explicit or inferred. Inferred consent is when consent can be understood from the customer's conduct or the relationship between the sender and recipient. A relationship refers to a prior or existing relationship between the sender and recipient for business reasons, based on (i) a purchase or transaction made by the receiver; (ii) an enquiry regarding products and services; or (iii) for social reasons, by voluntary two-way communication between the sender and recipient. This was a much -needed change as the 2010 Regulations did not properly differentiate between solicited and unsolicited communication, leading to practical challenges for companies indulging in bona fide business practices.
The 2018 Regulations introduce for the first time the concept of 'social reasons'. There is no requirement on senders to obtain explicit consent or register consent templates, in such cases, but the scope of the term is unclear. The Australian Spam Act, 2003, makes a provision for inferred consent based on conduct or business or other relationships, but does not make any reference to social reasons. It is likely that this term has been inserted in the 2018 Regulations to cover bilateral communications pertaining to goods or services, business opportunities, etc., that would fall under the definition of 'commercial communications' This provision would provide greater flexibility to businesses to send commercial communications where there are two-way communications.
It is important to note that communications based on explicit consent must include a suffix providing for the procedure through which customers can revoke consent.
Access providers must maintain registers based on DLT that act as regulatory pre-checks to ensure that commercial communications on the access providers' networks are lawful. These include registers of each entity in the commercial communication ecosystem, preferences of the consumers consent and various templates for the different kinds of communications.
Access providers must ensure that all commercial communications occur in accordance with registered customer preferences or consents. For this purpose, entities carry out the process of 'scrubbing', where they verify whether a customer has opted out of receiving such commercial communication to their telephone number(s). Under the 2010 Regulations, registered telemarketers were required to scrub numbers against the NCPR database maintained by the TRAI. However, under the 2018 Regulations, the scrubbing function is required to be carried out by entities registered as scrubbers with access providers.
Scrubbers are required to check the list of target telephone numbers obtained from the sender against the consents and preferences maintained by the access provider on a distributed ledger. The Explanatory Memorandum of the 2018 Regulations states that the distributed ledgers are to be synchronised in real time between different access providers to enable scrubbing. However, the 2018 Regulations do not contain provisions on how the DLT will function.
The scrubbed list of telephone numbers must then be provided to senders, who will deliver the message in accordance with the scrubbed list. For inferred consent, communications are required to be sent out under the templates and headers assigned. Therefore, where there is inferred consent scrubbers are required to check against such headers and content templates on a sample basis to ensure compliance.
The absence of stipulation of how DLT will operate and introduction of scrubbing entities as another player in the eco-system is likely to cause errors in the scrubbing and database maintenance process.
Mere intermediaries providing cloud services or bulk messaging services through which messages are routed do not require registration as telemarketers, if they do not qualify as 'senders' under the 2018 Regulations.
The 2018 Regulations however empower access providers to regulate such intermediaries and platforms by requiring them to register or sign up to agreements in accordance with the respective access providers' CoPs. This will mean that cloud telephony providers and platform services which are currently unregulated will be regulated henceforth.
6. Complaints Mechanism
Access providers are also required to establish a Customer Complaint Registration Facility (CCRF) and provide for different means of lodging complaints for violation of a customer's registered preferences via call or SMS to 1909, calling customer care, mobile app, interactive voice response systems, Unstructured Supplementary Service Data codes, etc. Complaints must be made within three days of receipt of the UCC.
If the sender is a registered telemarketer and has not carried out all the regulatory pre-checks in accordance with the 2018 Regulations, the originating access provider must take action against the telemarketer within two business days in accordance with its CoP. The 2018 Regulations therefore allow a more flexible system where access providers may determine the action to be taken against non-compliant registered telemarketers in accordance with their respective CoPs.
If the sender is an unregistered telemarketer, the originating access provider must examine the call detail records and check the number of complaints made against the sender in the last seven days. If there have been ten or more, the sender's telecom services are put on a usage cap of twenty SMSs and twenty calls per day. Usage caps may extend for up to two years, depending on repeat violations.
Senders who are found by the originating access provider to have engaged in sending UCC, may face blacklisting for a period of two years after the third instance of such violation. This has far reaching implications on corporate connections and direct inward dial form of connections, among others, as it may affect all the individual connections that the sender has obtained.
The TRAI has the power to examine such usage caps and disconnection of telecom resources and to require access providers to remove usage caps or delete the sender from the blacklist.
Any originating access provider failing to curb the UCC sent through its networks would be subject to a financial disincentive under a three -strike policy per calendar month. The maximum penalty for failure to curb UCC may extend to INR 5,000,000 per calendar month. Further, access providers may impose financial disincentives on entities in case of any contravention of its obligations prescribed under the 2018 Regulations. The 2018 Regulations also impose an obligation on the access provider to comply with the CoPs, failing which, the access provider would be liable to pay a penalty by way of financial disincentive which may extend up to INR 1,000,000.
In addition to the specific penalties prescribed under the 2018 Regulations, the TRAI may constitute an inquiry committee to inquire into any contraventions of the 2018 Regulations by access providers. If on inquiry, the access provider is found to be in contravention of the 2018 Regulations, it would be liable to pay a penalty that may extend up to INR 1,000,000 in a week of contravention.
8. Other Highlights
Calls made with Auto-dialers
Senders are prohibited from initiating calls with an auto dialer that may result in abandoned or silent calls. To use auto-dialers without resulting in silent or abandoned calls, the sender must inform the access provider and set limits on such calls as required by the 2018 Regulations and the CoPs of the access provider. For example, business entities returning calls to all customers who express interest in their products must comply with the limitations on using auto-dialers.
'Robo calls' have been defined as calls made to any customer using an artificial or prerecorded voice to interactively deliver a voice message without the involvement of a human being on the calling side for participating in the dialogue. Under the 2018 Regulations, customers may opt-out and opt back in for receiving commercial communication through robo calls. The CoPs must account for reporting of entities found to be engaged in making such calls when brought to the notice of the access provider.
It would be interesting to evaluate the implications of this new regulation on calls made by new technologies such as Google Duplex which may fall within the scope of the definition of 'robo calls'.
Possible Derecognition of Smartphones
The 2018 Regulations require access providers to ensure that all smartphone devices registered on their networks support the permissions required for the functioning of mobile applications that are developed by TRAI or an entity approved by TRAI (TRAI Apps) within a period of six months. The date from which this six -month period would be calculated has not been clarified.
The TRAI Apps will support various functionalities such as registering customers' preferences and allowing customers to make complaints against senders of UCC. Devices that do not permit functioning of the TRAI Apps are required to be derecognised by access providers, based on orders/directions issued by TRAI. Device manufacturers will be given a reasonable opportunity to make representations to TRAI before such an order/direction is passed. Some device manufacturers have objected to this requirement as it may compromise customer privacy standards on the device and have created secure alternatives to the TRAI Apps. It remains to be confirmed whether such alternative versions will be acceptable to the TRAI.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.