Tech-invite  3GPPspecsRELsGlossariesSIP

Top   in Index   Prev   Next

TR 33.849SA3
Study on Subscriber Privacy impact in 3GPP

use "3GPP‑Page" to get the Word version
for a better overview, the Table of Contents (ToC) is reproduced
V14.0.0 (Wzip)  2016/03  31 p.

Rapporteur:  Dr. Gao, Feng

In the past, privacy has been taken into account in the design of 3GPP systems. Examples of this include the use of temporary identities such as the T-IMSI and confidentiality protection of the user plane traffic. The work with privacy has been included as a part of the work with defining security for the 3GPP systems and the privacy requirements have been handled as a subset of the security requirements.
Even though 3GPP has worked with privacy since the start, the responsibility became more direct in the end of 2011, when the SA3 updated its terms of reference to explicitly include privacy. There has also been an increased awareness of privacy related questions in o3GPP. This has led to more questions regarding privacy when they define new functions. These are reasons why privacy needs to be treated, not only as a part of security, but as a topic in its own right to raise the assurance that it is taken care of properly.
A core part of increasing the assurance around privacy is to establish a baseline for privacy which ensures that an articulated set of privacy principles are kept when designing 3GPP systems.
The present document presents privacy principles that should followed in 3GPP when designating new systems, security architectures and protocols. Not only will such principles provide guidance on what needs to be considered and to some extent how, but their mere existence will serve as a constant reminder to consider privacy the day-to-day work. In addition, some principles/technologies can be a reference for vendors' products design. Also, it can be an aid for operators when working with subscriber data whose collection and use may not be in scope of the 3GPP specifications.
The present document studies the subscriber privacy impact in 3GPP. In particular, the goals of the present document are:
  • Identify and understand privacy related key issues impacting 3GPP networks.
  • Identify and potentially harmonize privacy requirements, e.g. MDT/SON.
  • Identify existing/ongoing work relevant to 3GPP privacy issues in external standard bodies, for potential reuse in 3GPP, e.g. IETF RFC 6973.
  • Identify privacy risk mitigation approaches and establish privacy handling guidelines/principle and/or best practices for 3GPP for future specifications.
It is not an objective of the study to examine all existing 3GPP specifications in retrospect with respect to privacy.
NOTE: The result of this study is captured in Annex F.

full Table of Contents for  TR 33.849  Word version:   14.0.0

Here   Top
1  ScopeWord-p. 6
2  References
3  Definitions and abbreviationsWord-p. 7
4  General description
5  Privacy threats - Description of key issues of Subscriber Privacy Impact (SPI)in 3GPPWord-p. 10
5.1  Introduction to privacy threat section
5.2  Privacy category relatedUp
5.3  Personal data management lifecycle
5.4  Privacy operation and maintenance related
6  Solutions / Threat mitigation
7  Privacy guidelinesWord-p. 20
8  ConclusionWord-p. 21
A  OECD privacy principles
B  Privacy regulationsWord-p. 23
C  Definitions of personal data in different countries or areasWord-p. 24
D  The seven foundational principles in Privacy by Design(PbD)Word-p. 26
E  GSMA privacy principlesWord-p. 27
F  Privacy guidelines for writing 3GPP TRs and TSsWord-p. 28
G  Change history

Up   Top