Privacy Profile Register

Description

The Privacy Profile Register (PPR) is a logical network entity defined within the 3GPP architecture for managing user privacy, primarily in the context of Location Services (LCS). It functions as a database and policy enforcement point that holds the subscriber's privacy preferences, often referred to as the 'Privacy Profile.' This profile contains rules that dictate the conditions under which the subscriber's location information can be requested, calculated, and disclosed to various entities, known as LCS Clients.

The PPR interacts with several core network elements to enforce these rules. When a Location Service request is initiated by an LCS Client (e.g., a navigation app, an emergency service, or a value-added service), the request is routed through the Gateway Mobile Location Centre (GMLC). The GMLC queries the Home Subscriber Server (HSS) to determine the serving node and to fetch the subscriber's LCS subscription data. Crucially, the HSS may also indicate the address of the PPR associated with the user. The GMLC then contacts the PPR to verify the request against the stored privacy profile. The profile contains rules based on factors such as the identity of the requesting client (client type, identity), the type of location request (e.g., immediate, deferred, periodic), the required accuracy, and the time of day.

Based on the evaluation, the PPR returns a verdict to the GMLC: allowed, barred, or allowed with notifications. If allowed, the location procedure proceeds via the Mobile Switching Centre (MSC) or Mobility Management Entity (MME)/Access and Mobility Management Function (AMF) to the UE. If the profile mandates notification, the network may send an alert to the user's device seeking consent before disclosing location. If barred, the request is rejected. The PPR may be a standalone node or its functionality can be integrated into the HSS or another network repository. Its architecture centralizes privacy control, providing a consistent policy point regardless of the user's location or the type of access network (2G, 3G, 4G, 5G) they are using.

Purpose & Motivation

The PPR was created to address growing privacy concerns and regulatory requirements (e.g., GDPR in Europe, various national laws) surrounding the tracking and disclosure of a mobile subscriber's geographical location. Early location services lacked granular user control; once a user subscribed to an LCS, their location could potentially be provided to any authorized service without further consent. This raised significant privacy issues, as users demanded the ability to control who could locate them and when.

Its development was motivated by the need to standardize a flexible, user-centric privacy management framework within the telecom network. Before the PPR concept, privacy was often handled in an ad-hoc manner by applications or was a simple binary subscription flag in the HLR/HSS. The PR introduces a sophisticated rule-based system that empowers the subscriber. It solves the problem of dynamic privacy management, allowing users to set different rules for different requesters (e.g., always allow emergency services, allow my family only during evenings, bar all commercial requests). This gives users transparency and control, which is essential for the ethical and legal deployment of location-based services, fostering user trust and enabling the growth of the LCS ecosystem.

Key Features

• Stores user-defined privacy rules (profiles) for location information disclosure
• Intercepts and evaluates Location Service requests from LCS Clients via the GMLC
• Supports rule evaluation based on client identity, request type, time, and accuracy
• Provides verdicts: Allow, Bar, or Allow with Notification/Verification
• Can be integrated with the HSS or implemented as a standalone network function
• Centralizes privacy policy enforcement for consistent user experience across network domains

Evolution Across Releases

Defining Specifications