Description
In the context of 3GPP standards, Personally Identifiable Information (PII) refers to the subset of user and subscription data that can be directly or indirectly linked to a specific natural person. The 3GPP system inherently processes vast amounts of PII to provide mobile services. Key categories of PII include: Subscription Identifiers (e.g., International Mobile Subscriber Identity (IMSI), Mobile Subscriber Integrated Services Digital Network Number (MSISDN)), Device Identifiers (e.g., International Mobile Equipment Identity (IMEI), Permanent Equipment Identifier (PEI)), Persistent Identifiers used in service layers (e.g., SIP URI, Private User Identity), and User Traffic & Location Data (e.g., GPS coordinates, cell ID, content of communications).
The architecture for protecting PII is woven throughout the 3GPP system design. It involves several key principles and functions: Anonymity, where temporary identifiers like Temporary Mobile Subscriber Identity (TMSI) or 5G-GUTI are used over the radio interface to avoid exposing permanent identifiers; Confidentiality, achieved through encryption of user plane and control plane data (using algorithms like 128-EEA3 in 4G or NEA in 5G) and integrity protection; and Access Control, enforced via the Authentication and Key Agreement (AKA) protocol and subscription profiles in the Home Subscriber Server (HSS) or Unified Data Management (UDM).
Network functions that handle PII, such as the User Data Repository (UDR), Network Exposure Function (NEF), and Lawful Interception (LI) systems, have specific security requirements defined in 3GPP TS 33.867. The NEF, for instance, acts as a security firewall for PII when exposing network capabilities to third-party Application Functions (AFs). It anonymizes, aggregates, or applies privacy policies before sharing data. Furthermore, 3GPP defines Privacy Requirement Indicators (PRIs) that a UE can signal to the network to express user preferences regarding the exposure of certain PII, like its IMEI. The entire lifecycle of PII—collection, storage, processing, transmission, and deletion—is subject to privacy-by-design principles mandated by regulations like GDPR, which are reflected in 3GPP's technical specifications.
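The NEF mediation described above (withhold permanent identifiers, pseudonymize, aggregate) sketched as an added Python example; it is not taken from any 3GPP specification or from the original page. The policy table, field names and function names are hypothetical, and the per-AF HMAC pseudonym and minimum-group suppression are illustrative techniques chosen here.

```python
import hashlib
import hmac
from collections import Counter

# Hypothetical per-AF exposure policy: fields an Application Function may
# receive, and the smallest group size allowed in aggregates (assumed values).
POLICIES = {
    "af-analytics": {"fields": {"cell_id"}, "pseudonym": True, "min_group": 3},
    "af-untrusted": {"fields": set(), "pseudonym": False, "min_group": 5},
}
PERMANENT_IDS = {"supi", "pei", "msisdn"}  # never exposed, whatever the policy says

def _policy(af_id: str) -> dict:
    """Default deny: an AF without a policy gets nothing."""
    if af_id not in POLICIES:
        raise PermissionError(f"no exposure policy for {af_id}")
    return POLICIES[af_id]

def pseudonym(af_id: str, supi: str, secret: bytes) -> str:
    """Keyed pseudonym: stable for one AF, not linkable across AFs."""
    key = hmac.new(secret, af_id.encode(), hashlib.sha256).digest()
    return hmac.new(key, supi.encode(), hashlib.sha256).hexdigest()[:16]

def expose_record(af_id: str, record: dict, secret: bytes) -> dict:
    """Return only policy-allowed fields, minus all permanent identifiers."""
    policy = _policy(af_id)
    allowed = policy["fields"] - PERMANENT_IDS
    out = {k: v for k, v in record.items() if k in allowed}
    if policy["pseudonym"]:
        out["subscriber"] = pseudonym(af_id, record["supi"], secret)
    return out

def expose_cell_counts(af_id: str, records: list) -> dict:
    """Subscribers per cell; groups smaller than min_group are suppressed."""
    min_group = _policy(af_id)["min_group"]
    counts = Counter(r["cell_id"] for r in records)
    return {cell: n for cell, n in counts.items() if n >= min_group}

# Constructed sample data (test-network style values, not real subscribers).
SECRET = b"constructed-demo-key"
RECORDS = [
    {"supi": f"imsi-00101000000000{i}", "pei": f"imei-00000000000000{i}",
     "cell_id": "cell-A" if i < 4 else "cell-B"}
    for i in range(5)
]

if __name__ == "__main__":
    print(expose_record("af-analytics", RECORDS[0], SECRET))
    print(expose_cell_counts("af-analytics", RECORDS))
```

The single subscriber in `cell-B` is dropped from the aggregate because a count of one would identify that person's location.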
Purpose & Motivation
The formal definition and treatment of PII within 3GPP specifications were driven by the escalating global regulatory landscape for data privacy and the increasing value (and risk) of user data in the digital age. Early mobile systems were designed primarily for functionality, with security focused on network access control (e.g., preventing cloning). While they protected against some threats, comprehensive data privacy for user information was not a primary architectural concern.
The proliferation of mobile internet, location-based services, and the IoT expanded the volume and sensitivity of PII processed by networks. This attracted regulatory scrutiny, leading to laws like the EU's General Data Protection Regulation (GDPR). 3GPP, as a global standards body, had to evolve its specifications to provide a technical framework that enables operators to comply with such regulations. Standardizing the handling of PII ensures interoperability not just for services, but also for lawful and privacy-compliant operations across multi-vendor, international networks.
Furthermore, the business model of exposing network APIs to third-party developers (e.g., via SCEF/NEF) created a new attack surface for PII. Without standardized mechanisms for anonymization and policy control, operators risked data breaches and non-compliance. The 3GPP work on PII, particularly from Rel-12 onwards, provides the necessary technical controls—like the NEF's mediation role and PRIs—to enable innovation through network exposure while fundamentally protecting subscriber privacy. It addresses the core problem of balancing service personalization and network functionality with the individual's fundamental right to privacy.
Key Features
- Encompasses identifiers like IMSI, MSISDN, IMEI/PEI, IP Address, and location information
- Protection via encryption (UP/IP), integrity protection, and use of temporary identifiers (TMSI/GUTI)
- Privacy Requirement Indicators (PRIs) allow UE to signal privacy preferences to the network
- Network Exposure Function (NEF) anonymizes/aggregates PII before exposing to external AFs
- Governed by strict security requirements in TS 33.867 for UDR, LI, and other data handling NFs
- Integral to 3GPP's alignment with global privacy regulations (e.g., GDPR, CCPA)
Evolution Across Releases
Introduced the formal concept of PII and enhanced privacy requirements for user data. Focused on securing new service capabilities like Proximity Services (ProSe) and began defining requirements for handling PII in the context of network exposure and data analytics.
In 5G, significantly strengthened PII protection architecture. Introduced the Subscription Concealed Identifier (SUCI) to protect the permanent subscription identifier (SUPI) over the air, and defined enhanced roles for the UDM, UDR, and NEF in PII lifecycle management with explicit support for privacy regulations.
Defining Specifications
| Specification | Title |
|---|---|
| TS 22.864 | 3GPP TS 22.864 |
| TS 33.849 | 3GPP TR 33.849 |
| TS 33.867 | 3GPP TR 33.867 |