LPI

LCS Privacy Indicator

Security →
Introduced in Rel-16

LPI is a privacy control parameter in 3GPP Location Services that indicates whether a user's location can be disclosed, governing authorization for location requests to prevent unauthorized tracking.

Category
Security
Introduced
Rel-16
Where
Services › IMS
Specifications
3 specs
LPI Description Purpose Related Classification Detected Changes Specifications

Description

The LCS Privacy Indicator (LPI) is a security and privacy parameter within the 3GPP Location Services (LCS) architecture, introduced in Release 16. It functions as a flag or indicator that specifies the privacy preferences of a subscriber regarding the disclosure of their location information to requesting entities, such as emergency services, value-added service providers, or lawful intercept agencies. Architecturally, the LPI is stored and managed in two primary locations: within the User Equipment (UE) itself, as part of the USIM application or device settings, and within the 5G Core Network, specifically in the Unified Data Management (UDM) or Home Subscriber Server (HSS). When a location request is initiated via the Gateway Mobile Location Centre (GMLC) or Network Exposure Function (NEF), the network consults the LPI as part of the privacy verification and authorization procedure.

How LPI works involves a multi-step authorization check. Upon receiving a location request for a target UE, the GMLC queries the UDM/HSS to retrieve the subscriber's LCS subscription data, which includes the LPI setting. The LPI can typically have values such as 'No Restriction', 'Restricted to Specific Services', or 'Privacy Exception' (e.g., for emergency calls). If the LPI indicates restrictions, the network must evaluate whether the requesting client (identified by its client type and service type) is authorized under those restrictions. For UE-based LPI, the UE may directly respond to network location queries with its privacy setting, especially in scenarios involving user plane location solutions. The Privacy Profile Register (PPR) or a dedicated LCS Client in the network may also enforce these rules, ensuring that location information is only disclosed in accordance with the subscriber's preferences and regulatory requirements.

Key components include the UDM/HSS, which stores the LPI as part of subscriber profile; the GMLC, which acts as the gateway for external location requests and enforces privacy checks; the UE, which may hold a local LPI copy; and the LMF, which may consider LPI during positioning session establishment. LPI's role is critical in the broader LCS security framework, providing a standardized mechanism to implement 'privacy by design' in mobile networks. It helps networks comply with stringent data protection regulations like GDPR by ensuring that location disclosure is always subject to explicit or implicit user consent, thereby preventing misuse of location data for stalking, unauthorized advertising, or other privacy invasions.

Purpose & Motivation

The LCS Privacy Indicator was introduced to address growing concerns about user privacy and the potential for abuse of mobile location data. As Location-Based Services (LBS) became more prevalent, networks needed a standardized way to manage and enforce subscriber privacy preferences beyond basic subscription checks. Prior to LPI, privacy controls were often implementation-specific or limited to simple binary consent flags, lacking granularity to differentiate between various requesting entities (e.g., emergency services vs. commercial apps). LPI provides a more flexible and standardized indicator that integrates into the 3GPP LCS authorization framework.

The problem it solves is the risk of unauthorized location tracking and disclosure, which can lead to serious privacy violations. Without a clear, network-enforced privacy indicator, malicious actors or overreaching services could potentially obtain a subscriber's location without proper consent. LPI enables subscribers to set preferences that travel with their profile, ensuring consistent enforcement across different network accesses (3G, 4G, 5G) and visited networks. It is particularly important for regulatory compliance, as many jurisdictions mandate that telecom operators obtain explicit user consent for location sharing, except for specific exceptions like emergency calls or lawful interception.

Motivation for LPI also stems from the evolution of LCS architecture towards service-based interfaces in 5GC, which increased the exposure of location capabilities to third-party applications via the NEF. This heightened the need for robust, standardized privacy controls. By defining LPI in Release 16, 3GPP provided a future-proof mechanism that works with both control-plane and user-plane positioning methods, and aligns with broader privacy enhancements like UE-based privacy verification. It ensures that as location accuracy improves and new use cases emerge, fundamental subscriber privacy remains protected within the network architecture.

Classification

Part ofLCS
Related approachesGMLCUDMNEF

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (45 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Rel-15 5 changes

In Release 15, the LCS Privacy Indicator (LPI) function was newly introduced as part of the enhanced privacy verification procedures for Mobile-Terminated Location Requests (MT-LR). This function mandates that privacy verification of the target UE shall be enabled to check the UE's LCS privacy profile and authorize the LCS client or AF. Additionally, the release specified that UEs may optionally support privacy notification and verification on behalf of a user, with privacy override supported for regulatory services.

Rel-16 11 changes

In Release 16, the LCS Privacy Indicator function was enhanced with specific procedures for updating the UE's LCS privacy profile and for the Gateway Mobile Location Centre (GMLC) to retrieve this profile from the Unified Data Management (UDM) for authorization checks. It introduced clarifications for privacy verification when an Application Function (AF) requests location via the Network Exposure Function (NEF) and standardized the GMLC's role in handling privacy for target UEs served by either 5GC or EPC. Corrections were also made to the privacy selection flow rules and the definition within the Subscription Data Management (SDM) service.

  • LCS privacy TS 29.503CR0253
  • SoR Update Indicator TS 29.503CR0352
  • UE Location Privacy Profile Update TS 29.503CR0360
  • Location information retrieval for GMLC TS 29.503CR0363
  • Provision of UE LCS privacy profile TS 29.503CR0365
  • Correction on LCS privacy selection flow rule TS 23.273CR0002

+ 5 more changes

Rel-17 8 changes

In Release 17, the LPI (LCS Privacy Indicator) function was enhanced by introducing a **Routing Indicator**, which is stored in the UDM as part of the LCS subscriber data. This indicator is sent to the AMF after a User Plane Update (UPU) and is also included in Nudm_SDM notifications, allowing the GMLC to receive updated routing information for privacy and service authorization checks.

  • Routing Indicator TS 29.503CR0738
  • Send Routing Indicator to AMF after UPU TS 29.503CR0748
  • Disaster Roaming Indicator TS 29.503CR0856
  • UE MINT support indicator TS 29.503CR0870
  • Add description of GMLC corrects the area event report TS 23.273CR0167
  • Routing Indicator TS 29.503CR0674

+ 2 more changes

Rel-18 15 changes

In Release 18, the LPI function was enhanced to extend privacy verification for new service consumers and scenarios. Specifically, privacy checks were now required when a Network Data Analytics Function (NWDAF) requests UE location from a GMLC, and support was added for a UE Ranging/Sidelink Positioning privacy profile. Furthermore, the LMF was formally added as a consumer of GMLC services, and procedures were updated to handle privacy verification when UEs belong to different PLMNs.

  • Privacy Check for NWDAF requesting UE location from GMLC TS 23.273CR0249
  • Introduce new feature: local LMF and GMLC selection TS 23.273CR0254
  • Inclusion of NWDAF as GMLC services TS 23.273CR0305
  • UE RangingSL Positioning privacy profile TS 29.503CR1257
  • Update LMF and GMLC service operations to support cumulative event report TS 23.273CR0272
  • Clarification on conditions for privacy check for MBSR TS 23.273CR0334

+ 9 more changes

Rel-19 6 changes

In Release 19, the LCS Privacy Indicator function was updated to resolve editorial notes on user consent and privacy, and to align UE privacy checking procedures with SA3 security requirements. The enhancements ensure privacy verification is performed in the home PLMN (HGMLC) for all MT-LR requests, whether the target UE is served by 5GC or EPC, based on the UE's LCS privacy profile stored in the UDM. Furthermore, the release maintained support for optional UE-based privacy notification and verification, as well as privacy override for regulatory services.

  • MPS for Messaging Indicator in UDM TS 29.503CR1361
  • Energy Saving Indicator in UE Subscription TS 29.503CR1418
  • Inter PLMN GMLC communication via NEF removal TS 23.273CR0736
  • Resolution of Editors Note on user consent and LCS privacy TS 23.273CR0708
  • Updates on UE privacy checking for SA3 alignment TS 23.273CR0617
  • Add NSWO indicator TS 29.503CR1389

Explore further

Broader topics and technologies where LPI plays a role.

Topics
Authentication (5G-AKA, EAP)Positioning & LocationPrivacy (SUPI, SUCI)MEC (Edge Computing)Emergency Services5G NR (New Radio)
Technologies
LTE5G

Defining Specifications

3GPP specifications that define or reference LPI, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TS 23.273 vj50 5G Location Services Stage 2 Architecture Rel-19
TS 29.503 vj50 UDM Service Based Interface Stage 3 Rel-19
TS 37.890 vj10 Feasibility Study on 6 GHz for LTE/NR Rel-19