What is SLPP? Subscriber LCS Privacy Profile

Description

The Subscriber LCS Privacy Profile (SLPP) is a fundamental component within the 3GPP Location Services (LCS) architecture, designed to enforce user privacy preferences for location-related operations. It is stored within the network, typically in the Home Subscriber Server (HSS) or a dedicated privacy profile register, and is accessed by the Gateway Mobile Location Centre (GMLC) and other LCS entities. The profile contains rules that dictate whether a location request from a specific client (e.g., a value-added service, emergency services, or law enforcement) should be allowed, rejected, or require explicit notification and consent from the subscriber. These rules are evaluated based on parameters such as the identity and type of the requesting client, the type of location request (e.g., immediate, deferred, periodic), and the subscriber's current geographical area.

Operationally, when a Location Service Client (LCS client) initiates a location request for a target Mobile Station (MS), the request is routed to the GMLC. The GMLC retrieves the subscriber's SLPP from the HSS. The profile is then processed to determine the applicable privacy check. This check may result in the request being granted without user notification, granted only after notifying the user and obtaining consent (via SMS, USSD, or a data session), or outright denied. The SLPP supports different classes of clients, such as emergency services, value-added services, law enforcement, and the subscriber themselves, each with potentially different authorization levels. This granular control is crucial for regulatory compliance with privacy laws like GDPR and for building user trust in location-based applications.

The SLPP's architecture integrates with core network signaling, primarily using Diameter-based interfaces (e.g., between GMLC and HSS) or MAP (Mobile Application Part) in earlier releases. It is a key enabler for commercial LCS services like friend-finder, fleet management, and location-based advertising, as it provides the legal and technical framework for user consent. Without SLPP, networks would be unable to offer differentiated privacy handling, potentially leading to unauthorized tracking and significant legal liabilities. Its management can be partially exposed to subscribers via self-care portals, allowing users to update their privacy preferences dynamically.

Purpose & Motivation

The SLPP was created to address the critical privacy concerns inherent in cellular network-based location tracking. As mobile networks evolved to provide precise user location (initially for emergency services like E911 in the US), it became apparent that this capability could be misused without proper safeguards. Prior to standardized privacy profiles, there was no uniform mechanism to let subscribers control who could locate them, creating risks of unauthorized surveillance and violating fundamental privacy rights. The SLPP provides a standardized, network-enforced method to obtain and respect user consent.

Its development was motivated by both regulatory pressures and commercial needs. Regulators demanded that telecom operators protect subscriber location data. Commercially, for location-based services (LBS) to thrive, users needed assurance that their privacy would be respected. The SLPP solves this by putting control in the user's hands through configurable profiles, enabling a trusted ecosystem for LBS. It differentiates between various requestors, ensuring that emergency calls can always be located while commercial services require explicit permission, balancing safety, legality, and service innovation.

Classification

Part ofLCS

Related approaches

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (37 CRs across 4 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Rel-16 2 changes

In Release 16, the SLPP function was enhanced by adding a specific **Location Privacy Setting operation** for subscribers. This provides a defined mechanism for managing individual privacy preferences within the location services framework. Additionally, an editorial clarification was made regarding the configuration of subscriber data for access to SNPNs.

Adding Location Privacy Setting operation TS 24.571CR0001
Removal of Editor's note on adding unified access control configuration to "list of subscriber data" for access to SNPNs TS 24.501CR1360

Rel-17 2 changes

In Release 17, updates to the SLPP function specifically enhanced the handling of subscriber data lists for SNPNs using an AAA-Server for primary authentication and authorization. The changes also introduced procedures for managing forbidden lists when an entry in the list of subscriber data is updated or when a UICC containing a USIM is removed. These modifications refined the authorization and privacy mechanisms within the network's location services architecture.

"List of subscriber data" handling for SNPN supporting AAA-Server for primary authentication and authorization TS 24.501CR3133
Forbidden lists when an entry of the list of subscriber data is updated or UICC containing USIM is removed TS 24.501CR3393

Rel-18 30 changes

In Release 18, the new SLPP (Subscriber LCS Privacy Profile) function was formally introduced, with specific enhancements for sidelink and ranging positioning services. Key additions included defining the UE Ranging/SL Positioning privacy profile, establishing procedures for UE-side privacy checks, and clarifying the transport for SLPP messages. The release also extended privacy handling to scenarios involving UEs from different PLMNs and for positioning services exposed through the 5GC control plane.

Equivalent SNPNs: entry of list of subscriber data becoming invalid TS 24.501CR5028
SLPP transport TS 24.501CR5919
Sidelink positioning privacy check procedure TS 24.514CR0001
Addition of EPC-(H)GMLC address in LCS-PeriodicTriggered TS 24.571CR0032
SLPP introduction TS 24.571CR0055
CR 38.355 for SLPP capability TS 38.355CR0002

+ 24 more changes

Rel-19 3 changes

In Release 19, the enhancements to the Subscriber LCS Privacy Profile (SLPP) function specifically clarified the initiation procedure for transporting SLPP data in sidelink positioning scenarios. The release also introduced updates to the UE privacy verification process and refined the server-side UE selection mechanism to incorporate the results of the subscriber privacy check.

Clarification on description of sidelink positioning SLPP transport initiation TS 24.514CR0036
Update on UE privacy verification TS 24.514CR0056
Update on Server UE selection considering privacy check TS 24.514CR0060

Explore further

Broader topics and technologies where SLPP plays a role.

Topics

Authentication (5G-AKA, EAP)Positioning & Location Privacy (SUPI, SUCI)MEC (Edge Computing)Emergency Services Diameter & Radius

Defining Specifications

3GPP specifications that define or reference SLPP, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

Specification	Title	Release
TS 03.071 v7b0	Location Services (LCS) Stage 2 Description	Rel-7
TR 21.905 vj00	3GPP Technical Terms and Definitions	Rel-19
TS 23.271 vj00	LCS Stage 2 Specification	Rel-19
TS 23.586 vj00	Ranging & Sidelink Positioning in 5GS	Rel-19
TS 24.501 vj50	5G NAS Protocols Specification	Rel-19
TS 24.514 vj30	Ranging & Sidelink Positioning in 5GS	Rel-19
TS 24.571 vj20	Control Plane LCS Procedures	Rel-19
TS 29.586 vj30	SLPKMF Service Based Interface Protocol	Rel-19
TS 33.533 vj00	Security for 5G Ranging & Sidelink Positioning	Rel-19
TS 37.571 vj00	UE Conformance for Positioning	Rel-19
TS 38.305 vj00	NG-RAN UE Positioning Stage 2	Rel-19
TS 38.355 vj00	Sidelink Positioning Protocol (SLPP)	Rel-19

Subscriber LCS Privacy Profile