Content for  TR 22.856  Word version:  19.2.0

With the proliferation of APIs in existing mobile applications already creating an extensive market for application exposure, API integration in emerging Metaverse applications and features is likely to emerge as a major functionality for enhancing experiences across extended reality functions that builds upon already-existing API development. Given the importance of consistent, reliable network access and the low-latency connections necessary to generate and maintain immersive experiences in Metaverse immersive experiences, one could reasonably expect the development of APIs supporting network exposure for configuring and optimizing network features for a diverse array of emerging functions in extended reality interactions. As 5G begins to support VR, AR, and MR interactions through the cellular network, questions surrounding the efficiency and trustworthiness of network exposure to application developers abound. In particular, the exposure of network characteristics through and the development of network-focused applications raises important questions around the privacy of user data with respect to the use of sensitive data around their internet usage, which could potentially reveal personally identifiable information about their location, environment, behaviour, or specific activities through such exposure. This concern extends beyond industry best practices and into emerging requirements from regulations such as the GDPR [52], CCPA [53], and other emerging national and international privacy regulation frameworks which specify the right of individuals to privacy across the lifecycle of data that could reveal personally identifiable information across a broad specification of contexts. It is thus incumbent on this body to proactively standardize the privacy features of the emerging 5GS in the context of APIs to ensure that such network exposure in application contexts does not expose providers or users to undue risks or liability.

The following pre-conditions and assumptions apply to this use case:

1. Jenna is developing an application that uses potentially personally identifiable information.
2. Jenna is aware of the existence and relevance of tuneable network characteristics to improve or augment an immersive experience, e.g., sufficient tools exist to modify characteristics like streaming bitrate in immersive contexts.
3. Jenna has access to exposed APIs allowing her to deploy these features in relevant experiences for immersive interaction.

1. Jenna develops an application that uses sensitive data, e.g., an application that uses the real-time location and/or environmental features of users' appearance and surroundings to generate a personal digital representation (e.g. avatar) in a mobile metaverse service activity.
2. Jenna uses an API exposing tuneable network characteristics to carry out some function, e.g., dynamically adjust the streaming resolution of generated mobile metaverse media (e.g. avatar/hologram,) or the streaming bitrate of the mobile metaverse media (e.g. avatar) in motion, based on higher-level network characteristics accessible in real time through the API.
3. Jenna develops an application that sends user information through the application to the network provider. Jenna does so in a way that is compliant with existing privacy transmission, storage, and processing standards. This means that Jenna's application considers relevant privacy-preserving features such as informed consent to process, transmit, store, and appropriately delete any personally identifiable information collected and ingested during the flow.
4. The application uses this information to optimize a network-level feature such as streaming bitrate corresponding to a tuneable knob through the API. The network provider also considers relevant privacy-preserving features ingested as part of the data exchanged during this process.
5. When ingesting potential personally identifiable information at the network and/or application level, application provider, user, and network provider receive transparent, verifiable guarantees that data has been processed, stored, and transited in compliance with existing regulations within the user's jurisdiction.

1. Jenna's digital representations (e.g. avatars) and other personally identifiable information generated through her application are able to safely exchange information through network exposure APIs without compromising the privacy of users or the network.
2. Network providers remain compliant with existing privacy regulations and best practices.

Not applicable.

[PR 5.19.6-1]