Overview
Bharti Airtel, India’s second-largest telecom operator, serves 350M+ subscribers. The Airtel ecosystem includes Xstream (streaming), Wynk (music), Airtel Payments Bank, Airtel Thanks (rewards), and Airtel Ads (advertising). The Airtel Ads business specifically monetizes telecom subscriber data for targeted advertising — a direct DPDP concern.
DPDP Readiness: Section-by-Section Analysis
Section 6 — Consent & Notice ⚠️
Airtel’s consent is more transparent than Jio’s but still bundled. The critical issue: Airtel Ads uses telecom data to create advertising audience segments. Users didn’t consent to their call patterns and internet usage being used for ad targeting when they bought a SIM.
DPDP requirement: Advertising use of telecom data needs separate, explicit consent — not bundled with service delivery.
Section 7 — Certain Legitimate Uses ⚠️
Telecom service delivery: legitimate. Using telecom data for Airtel Ads: not legitimate under DPDP’s narrow framework. Using network data to target Airtel Thanks rewards: gray area.
Section 8 — Obligations of Data Fiduciary ⚠️
Strong telecom security infrastructure. Airtel Payments Bank adds financial regulation compliance. However, multiple entities sharing subscriber data creates a complex security accountability chain.
Section 9 — Data Retention ⚠️
TRAI mandates cover CDR records. Undefined for:
- Advertising audience segment data
- Xstream viewing history
- Wynk listening preferences
- Payments Bank transaction patterns beyond regulatory mandates
Section 11 — Rights of Data Principal ⚠️
- No mechanism to opt out of Airtel Ads data use while keeping Airtel service
- No transparency on how telecom data feeds advertising segments
- No data portability for telecom history
- No nomination rights
Section 12 — Right of Grievance Redressal ⚠️
TRAI mandatory mechanism exists. No DPB reference.
Section 16 — Cross-Border Data Transfer ⚠️
Global operations in Africa and other markets may involve data transfer. No specifics on data localization for Indian subscribers.
Risk Assessment
| Category | Risk Level | Potential Impact |
|---|---|---|
| Regulatory fine | High | 350M+ subscribers |
| Airtel Ads data use | Critical | Telecom data for advertising = fundamental consent gap |
| Ecosystem profiling | High | Telecom + payments + streaming combination |
| Network-level data | High | Call records, browsing at ISP level |
| Data retention | Medium | Partial regulatory coverage |
The Telecom-to-Advertising Pipeline Problem
Airtel Ads creates a concerning data flow:
Telecom network → Call patterns, internet browsing, location → Audience segments → Advertisers
This pipeline uses data collected for one purpose (telecom service)
for a fundamentally different purpose (advertising) — without separate consent.Recommendations
- Separate telecom and advertising consent — “We provide telecom service [mandatory]. Use your data for targeted advertising? [optional]”
- Create Airtel Ads opt-out mechanism — Allow subscribers to prevent telecom data from feeding advertising programs
- Define advertising data lifecycle — “Advertising audience segments: refreshed quarterly, based only on consented data”
- Implement ecosystem privacy controls — Per-service data sharing toggles for Xstream, Wynk, Payments Bank
- Add DPDP compliance — Reference the Act, integrate DPB, and implement Section 14 nomination
How Does Your Policy Compare?
Take the free 60-second DPDP Audit to check your own company’s liability under the DPDP Act — 16 quick questions, instant risk report.
Analysis conducted by DPDP Consulting, a Meridian Bridge Strategy initiative. For a comprehensive compliance roadmap, book a free consultation.