Privacy in 3GPP is about the appropriate handling of privacy related information between the user and service provider and between users in accordance with the preferences of the user and regulatory policies.
Building and maintaining trust between users of 3GPP services and the network operator requires the careful consideration and deployment of capabilities that safeguard confidential information about the user. Privacy is therefore seen not only as a value added service but also as a risk-reduction mechanism in terms of service deployment.
From a 3GPP perspective, a generic way to handle privacy related information is desirable in order to provide as far as possible a common set of rules that can be used by any service that requires the protection of personal data or information about a user.
Privacy is protected by regulation usually in the form of directives enforced by regional or national authorities. Where specific legal requirements exist, these need to be considered by each application to assure compliance.
The present document aims to investigate and summarise the existing service requirements on privacy for 3GPP services. In order to ensure that these services and future 3GPP services will have a consistent set of rules that control the availability and usage of confidential information, it is the intention to identify a common way to handle privacy related information in the network.
Generic privacy requirements for the mobile industry are also being defined in  by the Open Mobile Alliance and it is the intention of this document to present the existing requirements and any alternatives to achieving the required functionality within 3GPP networks.
The scope of this study is to:
Identify privacy related information that is used in the 3GPP system;
Identify the existing 3GPP services that handle privacy related information;
Identify the various stakeholders that handle, control or consume personal data, and to define their relationships;
Document the definitions of the various functions, stakeholders and functions involved in a privacy capability;
Identify the work being done by other organizations and the additional work to be done by 3GPP.
The types of data subject to privacy rules within the scope of this study include
Privacy related information specific to an individual user;
Privacy related information relating to entities such as corporations;
Network data such as serving cell and broadcast area, e.g. data that relates to the user's location or presence in the network, and which could be used by applications to track the user.
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
References are either specific (identified by date of publication, edition number, version number, etc.) or non specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data http://europa.eu.int/smartapi/cgi/sga_doc?smartapi!celexapi!prod!CELEXnumdoc&lg=EN&numdoc=31995L0046&model=guichett
For the purposes of the present document, the terms and definitions given in  and the following apply.
Any information relating to an identified or identifiable natural person ("data subject") (an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity).
The appropriate handling of information that is deemed confidential between the user and service provider
Information relating to Personal Data of a user. Privacy Settings describe the rights and limitations of access to and processing of Personal Data.
Relationship between two entities that may be relied upon to ensure privacy