Telco operator exposure platforms implementing CAMARA APIs should be built with a privacy-by-default approach to fully comply with data protection regulations, such as the GDPR regulation in Europe, which emphasises on user privacy. These regulations note that some CAMARA APIs may require user consent to be accessed. This forces the operators to provide means and appropriate solutions to capture, store and manage this consent through its lifecycle. Otherwise, the scoped CAMARA APIs cannot be rolled out in production networks. Building such a solution also means bringing in scope the identity of the end user and/or the subscriber (as both could be different) and making sure that end user experience of using the API is not compromised while doing so.
