6.2.9 User consent for analytics

23.2883GPPArchitecture enhancements for 5G System (5GS) to support network data analytics servicesRelease 18TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

Depending on local policy or regulations, to protect the privacy of user data, the data collection, ML model training and analytics generation for a SUPI or GPSI, Internal or External_Group_Id or "any UE" may be subject to user consent bound to a purpose, such as analytics or ML model training. The user consent is subscription information stored in the UDM, which includes:

a) whether the user authorizes the collection and usage of its data for a particular purpose;

b) the purpose for data collection, e.g. analytics or model training.

The NWDAF retrieves the user consent to data collection and usage from UDM for a user, i.e. SUPI prior to collecting user data from an NF as described in clause 6.2.2 and from a DCCF as described in clause 6.2.6.

If a request for analytics is for "any UE", meaning that the consumer requests analytics for all UEs registered in an area, such as a S-NSSAI or DNN or AoI, then the NWDAF resolves "any UE" into a list of SUPIs using the Namf_EventExposure service with EventId "Number of UEs served by the AMF and located in an area of interest" and retrieves user consent for each SUPI. If a request for analytics is for an Internal or External Group Id, NWDAF resolves it into a list of SUPIs and retrieves user consent for each SUPI.

If user consent for a user is granted, then the NWDAF subscribes to user consent updates in UDM using Nudm_SDM_Subscribe service operation. Otherwise, the NWDAF excludes the corresponding SUPI from the request to collect data and generate analytics or ML model on the other users for which user consent is granted if the request is for a group of UE or "any UE.

When data is collected from the UE Application, the ASP is responsible to obtain user consent to share data with the MNO.

If the UDM notifies that the user consent changed, then the NWDAF checks if the user consent is not granted for the purpose of analytics or model training. If user consent was revoked for a UE, the NWDAF stops data collection for that UE. For analytics subscriptions to UE related analytics with the Target of Analytics Reporting set to that UE, the NWDAF stops generation of new analytics and stops providing affected analytics to consumers. For ML model subscriptions with Target of ML Model Reporting set to that UE, the NWDAF containing MTLF stops (re-)training of ML model(s) using data from the UE and stops providing the ML model(s) to consumers (NWDAF containing AnLF) for analytics. If the Target of Analytics Reporting or Target of ML model Reporting is either an Internal or External Group Id or a list of SUPIs or "any UE", the NWDAF skips those SUPIs that do not grant user consent for the purpose of analytics or model training. The NWDAF may unsubscribe to be notified of user consent updates from UDM for users for which data consent has been revoked.

NOTE: The NWDAF can provide analytics or ML model to consumers that request analytics or ML model for an Internal or External Group Id, or for "any UE", skipping those users for which consent is not granted or is revoked.

The Analytics ID that needs to check user consent before collecting input data are those that collect input data per user, i.e. per SUPI, GPSI, Internal or External Group Id, or those with the Target of Analytics Reporting or Target of ML model Reporting set to a SUPI, GPSI or External or Internal Group Id and are described in clause 6.