In recent years, global regulatory trends have placed significant emphasis on protecting the privacy of personal data, driven by notable regulations such as the EU’s General Data Protection Regulation (GDPR) [1], the California Consumer Privacy Act (CCPA) [2], and similar regulatory activity emerging around the world. These regulations establish user consent as a foundational principle: individuals must be informed about how their data will be used, and their explicit permission must be obtained before the data can be collected, stored, processed, or exposed.
In the context of mobile communications systems, the importance of user data privacy has also grown with the expansion of data-driven services such as location-based features, network analytics, and the exposure of network capabilities to third-party applications. A service may be provided by the operator or by third parties, so user data privacy applies both to the use of collected data within the operator domain and to data shared with third parties (via the northbound interface). In particular, any collection of data relating to a user (as a subscriber of a mobile network) should ensure that the user retains the rights to, and control over, his/her own data, both before and after it is provided to the network.
Recognizing these trends, the 3rd Generation Partnership Project (3GPP), the global standards development body specifying mobile telecommunications technology, has expanded its efforts to provide standardized user consent mechanisms for mobile communications systems and services. These efforts span multiple Service and System Aspects (SA) Working Groups (WGs), which address different aspects of user consent management, from service and security requirements to architecture.
This article provides a comprehensive overview of the user consent management framework specified for the 3GPP-defined 5G system and outlines potential considerations pertaining to its evolution in the upcoming 6G system.
3GPP has identified potential issues that impact subscriber privacy in the 3GPP 5G system through the following efforts:
Fig. 1 below depicts user consent management in the 3GPP 5G system as a whole.
Figure 1. User consent management in 5G system
User data requiring privacy protection is any information relating to an identified or identifiable end-user. In 3GPP, an end-user is either the subscriber (of telecommunication services) itself or a user who has authorized a subscriber to provide consent on his/her behalf [3]. Such privacy-sensitive data include UE identifiers (e.g., the Mobile Station Integrated Services Digital Network number; MSISDN), UE location (e.g., GPS coordinates, cell ID), and UE measurement information.
Privacy protection may also be required for user data at the application layer, in particular when the owner of the data (a.k.a. the resource owner) has to authorize consumption of that data, for example by an API Invoker at the northbound interface.
In 3GPP, two subscription data types, user consent and the Location Service (LCS) privacy profile, are specified to explicitly represent the end-user's permission for given data set(s) to be stored, processed, and transferred [4], [5].
The user consent (as subscription data) indicates whether the user has given consent for a specific purpose (e.g., data collection for Minimization of Drive Tests (MDT), generation of analytics, or exposure of the data).
The LCS privacy profile is defined to mitigate the privacy risk to UE location information; accordingly, it includes an indication of whether positioning (i.e., obtaining or calculating the UE location) is allowed.
Both the user consent and the LCS privacy profile are stored in a core network function called the Unified Data Repository (UDR), although the two are provisioned in the UDR by different methods. User consent is obtained from the end-user and configured by the operator in the UDR via a (non-standardized) procedure, whereas the LCS privacy profile can be provisioned by the UE or an application function (AF) via procedures specified by SA2.
The Common API Framework (CAPIF) in 3GPP has been enhanced to support Resource owner-aware Northbound API Access (RNAA), which enables the resource owner to issue an authorization grant to the API Invoker for northbound API invocation. Such authorization of the resource at the application layer is currently independent of the user consent stored in the UDR in the core network.
User consent is enforced within the 3GPP core network (CN) via the following operations: (i) determination of the purpose of data processing before the actual processing takes place; (ii) retrieval of consent-related subscription data (i.e., user consent per purpose and the LCS privacy profile) from Unified Data Management (UDM), which in turn obtains the subscription data from the aforementioned UDR; (iii) a decision on whether to accept a service or data-processing request based on that consent-related subscription data; and (iv) termination of any data processing covered by a revoked consent.
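The four enforcement steps above, modelled as an added example (not code from the article or from any 3GPP specification). The NF names follow the article; the data layout, purpose names, default-deny behaviour and all method names are assumptions made for illustration rather than 3GPP-defined service operations. A consumer (NWDAF) fixes its purpose, asks the UDM for the consent record, collects only when consent is present, and stops when the operator revokes consent for that purpose:

```python
"""Added example: consent enforcement steps (i)-(iv) in a toy core network.
NF names (UDR, UDM, NWDAF) follow the article; everything else is an
illustrative assumption, not a 3GPP-specified interface."""

# Purposes for which consent is recorded (names constructed for this example).
PURPOSE_MDT = "MDT"
PURPOSE_ANALYTICS = "ANALYTICS"
PURPOSE_EXPOSURE = "EXPOSURE"


class UDR:
    """Stand-in for the Unified Data Repository: consent per subscriber and purpose."""

    def __init__(self):
        self._consent = {}  # subscriber id -> {purpose: bool}

    def provision(self, subscriber, purpose, granted):
        # Operator-side provisioning (non-standardized in 3GPP; a plain setter here).
        self._consent.setdefault(subscriber, {})[purpose] = bool(granted)

    def get(self, subscriber, purpose):
        # Default deny: a missing record is treated as "no consent given".
        return self._consent.get(subscriber, {}).get(purpose, False)


class UDM:
    """Front for the UDR: consumers fetch consent here (step ii) and are told about revocation."""

    def __init__(self, udr):
        self._udr = udr
        self._watchers = []  # (subscriber, purpose, callback)

    def get_user_consent(self, subscriber, purpose):
        return self._udr.get(subscriber, purpose)

    def subscribe_revocation(self, subscriber, purpose, callback):
        self._watchers.append((subscriber, purpose, callback))

    def revoke(self, subscriber, purpose):
        # Consent withdrawn: update the stored record, then notify every active consumer.
        self._udr.provision(subscriber, purpose, False)
        for s, p, cb in list(self._watchers):
            if s == subscriber and p == purpose:
                cb(subscriber, purpose)


class NWDAF:
    """Data consumer: fixes the purpose and checks consent before collecting
    (steps i and iii), and stops collecting on revocation (step iv)."""

    def __init__(self, udm):
        self._udm = udm
        self.active = {}      # (subscriber, purpose) -> samples collected so far
        self.terminated = []  # (subscriber, purpose) pairs stopped by revocation

    def start_collection(self, subscriber, purpose=PURPOSE_ANALYTICS):
        # (i) purpose is fixed here; (ii) consent retrieved via UDM; (iii) decision.
        if not self._udm.get_user_consent(subscriber, purpose):
            return False
        self.active[(subscriber, purpose)] = []
        self._udm.subscribe_revocation(subscriber, purpose, self._on_revoked)
        return True

    def collect(self, subscriber, sample, purpose=PURPOSE_ANALYTICS):
        key = (subscriber, purpose)
        if key not in self.active:
            return False  # never started, or already terminated by revocation
        self.active[key].append(sample)
        return True

    def _on_revoked(self, subscriber, purpose):
        # (iv) stop processing under the revoked consent. Discarding the samples already
        # collected is an assumption of this example; retention is operator policy.
        self.active.pop((subscriber, purpose), None)
        self.terminated.append((subscriber, purpose))
```

Consent is keyed by purpose, so revoking consent for analytics leaves an independent MDT collection for the same subscriber untouched, and a subscriber with no record at all is refused rather than silently allowed.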
The following section describes the coordinated approach to standardizing the above user consent management across the 3GPP SA2 (architecture), SA3 (security), and SA6 (application enablement) working groups.
Within 3GPP, three groups have taken primary roles in standardizing different aspects of user consent, as follows:
SA3 addresses the privacy and security implications of user consent, including generic security requirements and the mechanism to support user consent enforcement in 3GPP services. Some of the important requirements documented in the SA3 specification [3] are as follows:
Based on the above requirements and the generic mechanism defined by SA3, SA2 provides their technical realization by specifying the architecture and procedures for user consent in the 5GS, as follows.
SA2 specifies the overall system architecture and how the UE and network functions (NFs) such as the Network Exposure Function (NEF), UDM and UDR operate to enforce the user consent check for UE data-processing cases, e.g., UE data collection at the Network Data Analytics Function (NWDAF) and acquisition of UE location information [6].
Figure 2. An illustration of (a) user consent check for specified purposes and (b) permission mechanism for calculating and accessing UE location based on UE LCS privacy profile. Note that some NFs are not depicted for simplicity.
Fig. 2-(a) shows the user consent check for different purposes, which include UE measurement collection for MDT, UE-related data collection in the CN for analytics/training at the NWDAF, and network capability exposure outside the CN. This user consent check shall be performed before UE-related data is processed or exposed. For example, the NWDAF shall check whether user consent is given in the UDM/UDR before requesting UE-related data from data source NFs [7].
As depicted in Fig. 2-(b), the SA2 specification provides a dedicated mechanism for checking whether acquisition of the UE location is allowed based on the UE LCS privacy profile, which also includes information on which entities are permitted, or conditionally permitted, to obtain UE location information. The LCS-related NF in the CN (e.g., the Gateway Mobile Location Centre; GMLC) checks the UE LCS privacy profile via the UDM when it is requested to provide the UE location. In addition, during a positioning procedure, the CN can notify the positioning target UE with a privacy verification indicating the identity of the requestor of the UE location (i.e., the identity of the LCS client). On receiving this notification, the target UE informs the end-user of the location request and waits for the user to grant or withhold permission. As a result of this interaction between the UE and the end-user, the UE indicates to the CN NF whether the user has granted or denied permission for the current LCS request. Additionally, the Location Privacy Indication, an information element in the UE LCS privacy profile, can be provided and updated by the UE and/or AF, as depicted in Fig. 2-(b) [4].
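The LCS privacy profile check just described, as an added example that is not part of the article or of TS 23.273. The GMLC consults the UDM for the profile; the Location Privacy Indication gates positioning altogether, a per-client permission decides outright or defers to the user, and only the conditional case reaches the target UE for notify-and-verify. The profile layout, the `Permission` values, and all class and method names are assumptions made for illustration:

```python
"""Added example: LCS privacy profile check with notify-and-verify at the UE.
The profile fields and permission names are illustrative assumptions,
not the information elements defined by 3GPP."""
from dataclasses import dataclass, field
from enum import Enum


class Permission(Enum):
    NOT_ALLOWED = "not_allowed"              # never give location to this LCS client
    ALLOWED = "allowed"                      # give location without consulting the user
    NOTIFY_AND_VERIFY = "notify_and_verify"  # conditional: ask the user every time


@dataclass
class LcsPrivacyProfile:
    # Location Privacy Indication: whether positioning of this UE is allowed at all.
    positioning_allowed: bool
    # Permission per LCS client identity; unlisted clients fall back to `default`.
    per_client: dict = field(default_factory=dict)
    default: Permission = Permission.NOT_ALLOWED


class UDM:
    """Stand-in UDM: serves the profile and accepts indication updates from the UE/AF."""

    def __init__(self, profiles):
        self._profiles = profiles  # subscriber id -> LcsPrivacyProfile

    def get_profile(self, subscriber):
        return self._profiles.get(subscriber)

    def update_location_privacy_indication(self, subscriber, allowed):
        self._profiles[subscriber].positioning_allowed = bool(allowed)


class UE:
    """Stand-in target UE: shows the requestor identity to the user and returns the decision."""

    def __init__(self, user_decides):
        self._user_decides = user_decides  # callable(lcs_client_id) -> bool, the constructed user
        self.verifications = []            # record of which requestors the user was asked about

    def privacy_verification(self, lcs_client_id):
        self.verifications.append(lcs_client_id)
        return bool(self._user_decides(lcs_client_id))


class GMLC:
    """Checks the profile before providing location; contacts the UE only for the
    conditional (notify-and-verify) case."""

    def __init__(self, udm, ues):
        self._udm = udm
        self._ues = ues  # subscriber id -> UE

    def handle_location_request(self, subscriber, lcs_client_id):
        profile = self._udm.get_profile(subscriber)
        if profile is None or not profile.positioning_allowed:
            return {"granted": False, "reason": "positioning_not_allowed"}
        permission = profile.per_client.get(lcs_client_id, profile.default)
        if permission is Permission.NOT_ALLOWED:
            return {"granted": False, "reason": "client_not_permitted"}
        if permission is Permission.NOTIFY_AND_VERIFY:
            ue = self._ues.get(subscriber)
            if ue is None or not ue.privacy_verification(lcs_client_id):
                return {"granted": False, "reason": "user_denied"}
            return {"granted": True, "reason": "user_granted"}
        return {"granted": True, "reason": "permitted_by_profile"}
```

Two details worth keeping in any real implementation: the UE is consulted only when the profile says so, so an unlisted requestor is refused without waking the user, and clearing the Location Privacy Indication overrides every per-client permission.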
3GPP SA3 and SA6 have jointly specified the application-layer mechanism Resource owner-aware Northbound API Access (RNAA) for authorizing an API invoker when the invoked API is associated with a resource owner (i.e., when the API invocation requires processing or exposing a resource related to the end-user as an MNO subscriber). For example, the API invoker (e.g., the application function in Fig. 1) accesses resources exposed by 3GPP northbound APIs (e.g., an API exposed by the NEF in Fig. 1), and these resources may require exposure of end-user-specific information (e.g., UE location). The Authorization function (shown in Fig. 1) obtains consent from the resource owner (e.g., via a resource owner client on the UE) in order to issue an authorization grant to the API invoker. Fig. 3 illustrates the realization of the AF-originated API invocation use case, in which a gaming server invokes the service API based on a trigger from a gaming client on the UE, using the CAPIF RNAA procedures [8].
Figure 3. An illustration of a typical flow for CAPIF RNAA
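The RNAA flow above, as an added example that is neither the article's code nor the CAPIF message formats: an Authorization function issues a grant to the API invoker only after the resource owner's client reports consent, and the API exposing function checks that the grant is authentic, unexpired, and bound to the same invoker, resource owner and scope before exposing the location resource. The HMAC-signed token format, the shared key, the `location` scope and all class and method names are assumptions made for illustration:

```python
"""Added example: resource-owner-bound authorization grant for a northbound API.
Token layout, key handling and names are illustrative assumptions, not RNAA/CAPIF."""
import base64
import hashlib
import hmac
import json
import time

# Constructed key shared by the Authorization function and the API exposing function.
SECRET = b"constructed-shared-key"


def _sign(payload_b64):
    return hmac.new(SECRET, payload_b64, hashlib.sha256).hexdigest()


class ResourceOwnerClient:
    """Stand-in for the resource owner client on the UE: the user's approvals per invoker and scope."""

    def __init__(self, approvals):
        self._approvals = set(approvals)  # {(api_invoker_id, scope)}

    def consent(self, api_invoker_id, scope):
        return (api_invoker_id, scope) in self._approvals


class AuthorizationFunction:
    """Issues a grant only when the resource owner has consented to this invoker and scope."""

    def __init__(self, owner_clients):
        self._clients = owner_clients  # resource_owner_id -> ResourceOwnerClient

    def issue_grant(self, api_invoker_id, resource_owner_id, scope, ttl=300):
        client = self._clients.get(resource_owner_id)
        if client is None or not client.consent(api_invoker_id, scope):
            return None
        claims = {"inv": api_invoker_id, "ro": resource_owner_id,
                  "scope": scope, "exp": int(time.time()) + ttl}
        payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        return payload.decode() + "." + _sign(payload)


class ApiExposingFunction:
    """NEF-like function: verifies the grant and its binding before exposing the resource."""

    def __init__(self, locations):
        self._locations = locations  # constructed resource data, resource_owner_id -> location

    def _verify(self, token):
        try:
            payload, sig = token.split(".", 1)
        except (ValueError, AttributeError):
            return None
        if not hmac.compare_digest(_sign(payload.encode()), sig):
            return None  # tampered or forged
        claims = json.loads(base64.urlsafe_b64decode(payload))
        if claims["exp"] < time.time():
            return None  # expired
        return claims

    def get_location(self, token, api_invoker_id, resource_owner_id):
        claims = self._verify(token)
        if claims is None:
            return {"granted": False, "reason": "invalid_or_expired_grant"}
        # A valid grant for a different invoker, owner or scope must not be reusable here.
        if (claims["inv"] != api_invoker_id or claims["ro"] != resource_owner_id
                or claims["scope"] != "location"):
            return {"granted": False, "reason": "grant_not_bound_to_request"}
        return {"granted": True, "location": self._locations.get(resource_owner_id)}
```

The binding check is the point of the example: the grant carries the invoker, the resource owner and the scope the user approved, so a gaming server holding a grant for one subscriber cannot present it to fetch another subscriber's location, and a grant for a different scope is refused even though its signature is valid.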
As the 5G system has evolved to incorporate data-driven services such as location-based services, network analytics and exposure of network capabilities, the 3GPP SA WGs have been actively working to enhance user data privacy protection through standardization of user consent management.
For the upcoming 6G system, data-driven services are expected to be further extended to include AI/ML-based operations and integrated sensing and communications. Regulatory bodies are also expected to continue developing and enforcing regulations to protect personal data. In line with this, Samsung continues to contribute to the 3GPP standardization of privacy protection in mobile communications systems.
[1] General Data Protection Regulation (GDPR), https://gdpr-info.eu/issues/consent/
[2] California Consumer Privacy Act (CCPA), https://oag.ca.gov/privacy/ccpa
[3] 3GPP TS 33.501: "Security architecture and procedures for 5G System"
[4] 3GPP TS 23.273: "5G System (5GS) Location Services (LCS); Stage 2"
[5] 3GPP TS 23.502: "Procedures for the 5G System (5GS); Stage 2"
[6] 3GPP TS 23.501: "System architecture for the 5G System (5GS); Stage 2"
[7] 3GPP TS 23.288: "Architecture enhancements for 5G System (5GS) to support network data analytics services; Stage 2"
[8] 3GPP TS 23.222: "Common API Framework for 3GPP Northbound APIs; Stage 2"