V.1 General

3GPP TS 33.501, Release 18: Security architecture and procedures for 5G System

V.1.1 Scope

User consent can be required for 3GPP features depending on local regulations. Therefore, this annex describes the generic security requirements and procedures to support user consent enforcement in 3GPP services. While the use cases can differ, the annex focuses on the common and generic aspects related to the storage, checking and revocation of the user consent.

The user consent related requirements and mechanism in the present document are applicable only when it is required by regional regulations or operator’s local policy, not otherwise.

The term data processing in this annex is used to convey the same meaning as in [101].

V.1.2 Relationship between end-users and subscriber

It is assumed that the user consent is obtained from the end-users. Either the end-user is the subscriber itself, or the end-users authorize the subscriber to provide consent on their behalf. Alternatively, the end-users are authorized by the subscriber to provide the consent. That means user consent is always tied to the subscription information. How authorization is provided between the subscriber and the end-users is out of scope of this specification.

NOTE: The term end-user is defined in TR 21.905 [1].