DPDP Compliance for Telecom Companies
Telecom operators are India's largest data processors by volume — call records, location data, browsing history, and Aadhaar-linked identities. DPDP transforms how telcos handle subscriber data.
Telecom: India’s Largest Data Fiduciaries
India’s telecom operators — Jio, Airtel, Vi, and BSNL — collectively hold personal data on over a billion subscribers. Every call, text, and internet session generates metadata that reveals intimate details about subscribers’ lives. Under DPDP, telecom companies face the unique challenge of being both heavily regulated by TRAI and now subject to comprehensive data protection law.
The Call Data Record Problem
Call Detail Records (CDRs) contain:
- Who you called and when (social graph mapping)
- Call duration (relationship intensity)
- Cell tower data (precise location tracking)
- SMS metadata (communication patterns)
TRAI requires CDR retention for law enforcement purposes, but DPDP requires clear disclosure to subscribers about how long this data is kept and who can access it. Most telecom privacy policies don’t distinguish between mandatory regulatory retention and business-choice retention.
Location Data: The Most Sensitive Asset
Telecom operators have the most comprehensive location data of any industry. Through cell tower triangulation, they know where every subscriber is, 24/7. This data:
- Reveals home and work addresses
- Tracks daily movement patterns
- Can identify religious worship locations visited
- Shows hospital visits and sensitive venue attendance
Under DPDP, using this location data for advertising, analytics, or third-party partnerships requires explicit, informed consent, not consent buried in a 40-page terms document.
Aadhaar Linkage Complexity
Telecom subscribers’ SIM cards are linked to Aadhaar numbers. This creates a unique DPDP challenge: the combination of Aadhaar ID, location data, and communication patterns forms one of the most comprehensive individual profiles possible. Any breach of this combined dataset would have extraordinary consequences.
Value-Added Services Data Creep
Modern telcos aren’t just connectivity providers — they offer payments (Airtel Payments Bank, Jio Financial), entertainment (JioTV, Wynk), and messaging services. Each additional service adds new data processing activities that must be separately consented to under DPDP.
Telecom Company Analyses
Reliance Jio
Jio's 47/100 reflects the privacy challenge of India's largest telecom-retail conglomerate. Combining mobile network data (call logs, location, internet browsing) with JioMart shopping, JioCinema viewing, and JioSaavn listening creates the most comprehensive consumer profile in India — all under one privacy policy with bundled consent.
Airtel
Airtel scores 52/100, marginally better than Jio in transparency. However, the Airtel Ads business, which uses telecom subscriber data for targeted advertising, creates a fundamental DPDP tension. Using telecom data that was collected for service delivery for advertising instead requires consent rearchitecture.