From b4c9d407baa2fc02528fc638f546954c6b726d43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Pe=C3=B1a=20Garc=C3=ADa-Oliva?= Date: Wed, 6 Nov 2024 09:40:56 +0100 Subject: [PATCH] Update documentation/CAMARA-API-access-and-user-consent.md Co-authored-by: Randy Levensalor --- documentation/CAMARA-API-access-and-user-consent.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/CAMARA-API-access-and-user-consent.md b/documentation/CAMARA-API-access-and-user-consent.md index 3369041..b330cb0 100644 --- a/documentation/CAMARA-API-access-and-user-consent.md +++ b/documentation/CAMARA-API-access-and-user-consent.md @@ -356,7 +356,7 @@ The documentation template below must be used as part of the API documentation i The "Camara Security and Interoperability Profile" provides details on how a client requests an access token. -The specific authorization flows to be used will be determined during onboarding process, happening between the API client and the telco operator exposing the API, taking into account the declared purpose for accessing the API, whilst also being subject to the prevailing legal framework dictated by local legislation. +The specific authorization flows to be used will be determined during the onboarding process, happening between the API client and the operator exposing the API, taking into account the declared purpose for accessing the API, whilst also being subject to the prevailing legal framework dictated by local legislation. In cases where personal data is processed by the API and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of three-legged access tokens is mandatory. This ensures that the API remains in compliance with privacy regulations, upholding the principles of transparency and user-centric privacy-by-design. ```