5G and Privacy

An overview for policymakers

What is 5G?

5G is the fifth generation of mobile networks and can provide seamless connectivity to support diverse innovations such as smart homes, driverless cars, industrial automation and augmented reality. 5G enables billions of Internet of Things (IoT) devices to be deployed and many new applications to be conceived.

As connectivity becomes increasingly fluid and flexible, 5G changes the types of service and business models that are possible in unpredictable ways; much in the same way as the sharing economy and apps have changed how we interact with organisations, government and each other.

5G helps industries meet and respond to various business and consumer needs. For example:

Smart home

Massive connectivity enables a low volume of data to be transmitted from large number of IoT devices like smart meters

Enhanced mobile broadband enables fast 3D video and 4K screens

High density of devices and Device to Device (D2D) connectivity

Autonomous vehicle

Low latency (i.e. minimal delay in processing a high volume of data across a network) enables vehicle automation and self-driving cars

Wider coverage to ensure seamless service experience across networks and country boundaries

Seamless mobility for uninterrupted service delivery and stable quality in scenarios with medium to high velocity

5G in context

Hover over the circles to see examples of 5G in practice.

Higher frequencies, smaller cells

  • A mobile network consists of three conceptual parts: radio access network allowing devices within a particular area (a cell) to connect to an antenna on the cell tower, a core network and a transfer network between the radio and core elements.
  • To achieve higher speeds, 5G networks will use higher radio frequencies. However, signals transmitted over higher frequencies degrade faster and travel a shorter distance. The signals are also less capable of travelling through buildings or trees, thus, requiring smaller cells, many of which will be at ground level or within buildings.

Privacy considerations

  • The smaller cell size in 5G does imply more accurate geolocation data is generated, but satellite positioning systems e.g. GPS, will continue to provide a far higher degree of accuracy. This reemphasises the need for horizontal rules that protect consumers consistently regardless of the technology or business sector.
  • When network location data is used for purposes such as the planning of smart cities or reducing carbon emissions, this is typically done using insights showing only the mobility of people at a non-identifiable aggregated level.

Massive MIMO, beamforming and bouncing

  • MIMO (Multiple Input Multiple Output) means that more than one antenna is used to transmit and receive a radio signal thus improving the quality of the communication channel. Rather than pushing out the same signal in all directions, 5G will use different combinations of antennae at cell sites to send a focused beam in the receiver’s direction, ‘beamforming’. A signal can reach a user via an indirect route by ‘bouncing’ off surfaces such as walls or roads.

Privacy considerations

  • The system does not know and does not know precisely where a particular device is geographically. It simply pushes the signal out in a way that works for the device to receive the signal. No data is generated or stored regarding which antennae are used.

Network slices

  • 5G enables key components of the physical telecommunications networks to be configured virtually in a way that suits the particular needs of industry verticals and individual organisations – ‘network slices’.

Privacy considerations

  • Organisations that configure their virtual networks may demand more detailed information about users’ behaviour patterns derived from network data in the same way that an over-the-top service does with non-network data. Such services must be  treated equally under data protection and privacy laws rather than creating a distinct set of rules for different sectors.

More devices, more applications

  • 5G may lead to many novel ideas for collecting and using personal data at the device operating system or application level. These could represent a significant expansion of existing use cases or be entirely new ones. These new applications and devices may provide fresh channels for generating personal data that sit ‘on top’ of the network itself like mobile phone apps do in the 4G world and are not created by mobile network operators.

Privacy considerations

  • This ‘over-the-top’ activity may lead to a significant increase in the volume of data privacy work requiring more staff, resources, training and awareness for both organisations and regulators.
  • As 5G is typically deployed in wealthier cities before it is deployed to poorer cities or rural areas, any insights from 5G network data or data from applications may contain an inherent bias reflecting wealthier metropolitan populations. Organisations should be aware of this when developing products and services or leveraging machine learning algorithms.

Edge computing and network resources

  • Mobile network operators could make 5G network resources, such as edge computing, storage and analytics capabilities, available to business customers. Mobile edge computing (MEC) is essential to the low-latency use cases that form an integral part of 5G. For example, sports event organisers may want to provide slow-motion videos or augmented reality content to people in the stadium. This could be achieved by storing the content related to the game in MEC servers closest to the stadium. Similarly, a factory may collect data from sensors, vehicles, wearable devices and drones used in the factory and process these locally, helping it to operate more efficiently.

Privacy considerations

  • The ability to process data in the network edge in which it has been generated, could obviate the need to send the data further into or outside the network, reducing wider circulation of personal data than is necessary.
  • It is important to distinguish between the content data which is stored locally by the MEC provider to provide the service and the communications data which would remain subject to the usual licence conditions and legal requirements.


  • Information security will be enhanced in 5G. Encryption and authentication throughout the networks will ensure that sender and receiver have established trust and that the end-to-end relationship is secured.
  • Having virtual network components means that core network operations may be performed through functions outside the operator network, e.g. the cloud, which can complicate the supply chain and liability chain but also present an opportunity. A virtualised, software-driven architecture can also mean that network elements can be isolated or containerised, and vulnerabilities can be remediated quickly and remotely.

Privacy considerations

  • If the physical infrastructure of 5G networks is constantly repurposed for new virtual configurations that are provided by numerous operators and potentially managed by business organisations, it could create complexity concerning who is responsible for security at any given point and who is liable for the consequences of data breaches. This requires a collaborative approach to security across the entire 5G ecosystem. Security assurance mechanisms and industry guidelines such will become increasingly important.

5G and privacy

5G in context
5G and privacy – accountability
5G and privacy regulation
5G in context
5G and privacy – accountability
5G and privacy regulation
  • Enhanced connectivity brings with it new business models, innovations and a greater convergence of sectors and technologies.
  • Whenever a new technology emerges, it is fair to ask whether it may give rise to new ways of collecting and processing personal data.
  • While 5G represents a significant shift in the use of mobile networks, existing data privacy regimes that are technology neutral already address a wide range of uses of data collected through apps, mobile device operating systems, social media, websites and network operators. These regimes are likely to be sufficient to address the use of new 5G capabilities within the online ecosystem.
  • Countries that have already adopted a smart data privacy law approach should be well-placed to deal with the risks associated with 5G. A smart data privacy laws approach is characterised by rules that are risk-based, technology and sector-neutral and promote the concept of ‘Accountability’.
  • Under the principle of Accountability, organisations are encouraged to not only comply, but also be able to demonstrate how they comply through effective data governance policies and processes. For example, to conduct data privacy impact assessments, to be transparent and to avoid or mitigate the risk of harm to individuals through good ‘Privacy-by-Design’ practices.
  • Privacy-by-Design regimes have always acknowledged that the context of data processing, taking all relevant circumstances into account, is what determines risk rather than the particular technology or type of data viewed in isolation.
  • 5G opens up exciting new opportunities that benefit individuals in all kinds of ways, but, as with any new technology, innovations involving personal data need to be considered carefully.
  • Smart data privacy laws that embrace the concept of Accountability, encourage Privacy-by-Design, are based on the identification and mitigation of risks and are sector and technology neutral are well positioned to accommodate novel use cases and deal effectively with new privacy risks.
  • Evaluating new risks as 5G develops requires interests to be balanced and judgments to be made within organisations and as a society. An open, inclusive discussion regarding 5G and data privacy benefits everyone, most of all the individuals whose data may be processed.