LSPF

Location Subscriber Privacy Function

Services
Introduced in R99
A network function that enforces privacy rules for location-based services. It acts as a policy decision point, checking if a location request (e.g., from an external application) is authorized according to the subscriber's privacy profile, protecting user location data.

Description

The Location Subscriber Privacy Function (LSPF) is a critical logical component within the 3GPP Location Services (LCS) architecture, specifically residing in the core network. Its primary role is to act as a gatekeeper and policy enforcement point for all location requests targeting a mobile subscriber. When a Location Service Client (LCS Client)—which could be an external application, a value-added service provider, or an internal network entity—requests the geographical position of a mobile station (MS), the request is routed through the Gateway Mobile Location Centre (GMLC). The GMLC invokes the LSPF to perform a privacy authorization check before any location determination process begins.

Architecturally, the LSPF interfaces with the subscriber's Home Location Register (HLR) or Home Subscriber Server (HSS) to retrieve the subscriber's location privacy profile. This profile is configured by the subscriber, often via their service provider, and defines the rules for location disclosure. The profile typically includes settings such as which specific LCS Clients are allowed to request location, the time windows during which requests are permitted, and whether notification or verification to the subscriber is required. The LSPF evaluates the incoming request against this stored profile. The check involves verifying the client's identity, the type of location request (e.g., immediate or deferred), and the requested quality of service (e.g., accuracy).

If the LSPF authorizes the request, it returns a positive response to the GMLC, which then proceeds to interact with the serving Mobile Switching Centre (MSC) or Serving GPRS Support Node (SGSN) to initiate the positioning procedure with the radio access network. If the request is denied based on privacy rules, the LSPF returns a rejection to the GMLC, which then sends an error response to the LCS Client, and no location information is disclosed. In cases where the subscriber's profile mandates notification or verification, the LSPF's logic may trigger an interaction with the subscriber, for example, via an SMS asking for consent, before proceeding. This function is essential for complying with regulatory requirements on user privacy and for building subscriber trust in location-based services.

Purpose & Motivation

The LSPF was created to address the significant privacy concerns arising from the ability to pinpoint a mobile user's geographical location. As cellular networks evolved from providing simple voice service to enabling advanced data and location-based services (LBS), the potential for misuse of location data became a major issue. Without strict controls, any authorized or unauthorized entity could track a user's movements, leading to serious privacy violations. The LSPF provides the standardized, network-based mechanism to prevent this.

Its development was motivated by both regulatory pressures and the commercial need to make LBS palatable to consumers. Regulations in many regions mandate that users must have control over who can access their location data. Technically, earlier approaches lacked a centralized, subscriber-centric policy function. The LSPF solves this by decoupling the privacy policy logic from the location calculation engine (e.g., the GMLC or positioning node). It establishes a clear, standardized interface for privacy checking, allowing for flexible and manageable privacy profiles.

By providing this function, 3GPP enabled the safe deployment of valuable services like emergency calling (E911/112), fleet management, location-based advertising, and friend-finder applications. It gives subscribers the confidence that their location will not be disclosed without their knowledge or consent, which was a fundamental prerequisite for the widespread adoption of LBS. The LSPF, therefore, is not just a technical feature but a cornerstone of the ethical and legal framework for mobile network operations.

Key Features

  • Centralized privacy authorization for all location service requests.
  • Interrogates subscriber privacy profiles stored in HLR/HSS.
  • Supports configurable rules based on LCS Client ID, time of day, and service type.
  • Manages subscriber notification and verification procedures.
  • Integrates with the Gateway Mobile Location Centre (GMLC) in the LCS architecture.
  • Provides standardized error responses for unauthorized requests.

Evolution Across Releases

R99 Initial

Introduced as a core component of the standardized Location Services (LCS) architecture. Defined its initial role as the privacy decision point, interfacing with the HLR to fetch subscriber privacy settings and authorizing or rejecting location requests from the GMLC based on those rules.

TS 03.071TS 23.171TS 23.271

Defining Specifications

SpecificationTitle
TS 03.071 3GPP TR 03.071
TS 23.171 3GPP TS 23.171
TS 23.271 3GPP TS 23.271