tech-invite   World Map     

3GPP     Specs     Glossaries     Architecture     IMS     UICC       IETF     RFCs     Groups     SIP     ABNFs       Search

Top          in Index          Prev          Next

TR 33.849 (SA3)
Study on Subscriber Privacy impact in 3GPP

|   ToC   |   3GPP‑Page   |   Help   |

(W-zip) V14.0.0    2016/03    31 p.


Rapporteur:  Dr. Gao, Feng
See also:  –


In the past, privacy has been taken into account in the design of 3GPP systems. Examples of this include the use of temporary identities such as the T-IMSI and confidentiality protection of the user plane traffic. The work with privacy has been included as a part of the work with defining security for the 3GPP systems and the privacy requirements have been handled as a subset of the security requirements.

Even though 3GPP has worked with privacy since the start, the responsibility became more direct in the end of 2011, when the SA3 updated its terms of reference to explicitly include privacy. There has also been an increased awareness of privacy related questions in o3GPP. This has led to more questions regarding privacy when they define new functions. These are reasons why privacy needs to be treated, not only as a part of security, but as a topic in its own right to raise the assurance that it is taken care of properly.

A core part of increasing the assurance around privacy is to establish a baseline for privacy which ensures that an articulated set of privacy principles are kept when designing 3GPP systems.

The present document presents privacy principles that should followed in 3GPP when designating new systems, security architectures and protocols. Not only will such principles provide guidance on what needs to be considered and to some extent how, but their mere existence will serve as a constant reminder to consider privacy the day-to-day work. In addition, some principles/technologies can be a reference for vendors' products design. Also, it can be an aid for operators when working with subscriber data whose collection and use may not be in scope of the 3GPP specifications.

The present document studies the subscriber privacy impact in 3GPP. In particular, the goals of the present document are:
  • Identify and understand privacy related key issues impacting 3GPP networks.
  • Identify and potentially harmonize privacy requirements, e.g. MDT/SON.
  • Identify existing/ongoing work relevant to 3GPP privacy issues in external standard bodies, for potential reuse in 3GPP, e.g. IETF RFC 6973.
  • Identify privacy risk mitigation approaches and establish privacy handling guidelines/principle and/or best practices for 3GPP for future specifications.
It is not an objective of the study to examine all existing 3GPP specifications in retrospect with respect to privacy.

NOTE: The result of this study is captured in Annex F.


 

Here          Top

 

 

1   Scope   Word-p. 6
2   References
3   Definitions and abbreviations   Word-p. 7
4   General description
5   Privacy threats - Description of key issues of Subscriber Privacy Impact (SPI)in 3GPP   Word-p. 10
5.1   Introduction to privacy threat section
5.2   Privacy category related      Up
5.3   Personal data management lifecycle
5.4   Privacy operation and maintenance related
6   Solutions / Threat mitigation
7   Privacy guidelines   Word-p. 20
8   Conclusion   Word-p. 21
A   OECD privacy principles
B   Privacy regulations   Word-p. 23
C   Definitions of personal data in different countries or areas   Word-p. 24
D   The seven foundational principles in Privacy by Design(PbD)   Word-p. 26
E   GSMA privacy principles   Word-p. 27
F   Privacy guidelines for writing 3GPP TRs and TSs   Word-p. 28
G   Change history

Up          Top