5G and Privacy
An overview for policymakers
What is 5G?
5G is the fifth generation of mobile networks and can provide seamless connectivity to support diverse innovations such as smart homes, driverless cars, industrial automation and augmented reality. 5G enables billions of Internet of Things (IoT) devices to be deployed and many new applications to be conceived.
As connectivity becomes increasingly fluid and flexible, 5G changes the types of service and business models that are possible in unpredictable ways; much in the same way as the sharing economy and apps have changed how we interact with organisations, government and each other.
5G helps industries meet and respond to various business and consumer needs. For example:
Massive connectivity enables a low volume of data to be transmitted from large number of IoT devices like smart meters
Enhanced mobile broadband enables fast 3D video and 4K screens
High density of devices and Device to Device (D2D) connectivity
Low latency (i.e. minimal delay in processing a high volume of data across a network) enables vehicle automation and self-driving cars
Wider coverage to ensure seamless service experience across networks and country boundaries
Seamless mobility for uninterrupted service delivery and stable quality in scenarios with medium to high velocity
5G in context
Hover over the circles to see examples of 5G in practice.
Higher frequencies, smaller cells
- A mobile network consists of three conceptual parts: radio access network allowing devices within a particular area (a cell) to connect to an antenna on the cell tower, a core network and a transfer network between the radio and core elements.
- To achieve higher speeds, 5G networks will use higher radio frequencies. However, signals transmitted over higher frequencies degrade faster and travel a shorter distance. The signals are also less capable of travelling through buildings or trees, thus, requiring smaller cells, many of which will be at ground level or within buildings.
- The smaller cell size in 5G does imply more accurate geolocation data is generated, but satellite positioning systems e.g. GPS, will continue to provide a far higher degree of accuracy. This reemphasises the need for horizontal rules that protect consumers consistently regardless of the technology or business sector.
- When network location data is used for purposes such as the planning of smart cities or reducing carbon emissions, this is typically done using insights showing only the mobility of people at a non-identifiable aggregated level.
Massive MIMO, beamforming and bouncing
- MIMO (Multiple Input Multiple Output) means that more than one antenna is used to transmit and receive a radio signal thus improving the quality of the communication channel. Rather than pushing out the same signal in all directions, 5G will use different combinations of antennae at cell sites to send a focused beam in the receiver’s direction, ‘beamforming’. A signal can reach a user via an indirect route by ‘bouncing’ off surfaces such as walls or roads.
- The system does not know and does not know precisely where a particular device is geographically. It simply pushes the signal out in a way that works for the device to receive the signal. No data is generated or stored regarding which antennae are used.
- 5G enables key components of the physical telecommunications networks to be configured virtually in a way that suits the particular needs of industry verticals and individual organisations – ‘network slices’.
- Organisations that configure their virtual networks may demand more detailed information about users’ behaviour patterns derived from network data in the same way that an over-the-top service does with non-network data. Such services must be treated equally under data protection and privacy laws rather than creating a distinct set of rules for different sectors.
More devices, more applications
- 5G may lead to many novel ideas for collecting and using personal data at the device operating system or application level. These could represent a significant expansion of existing use cases or be entirely new ones. These new applications and devices may provide fresh channels for generating personal data that sit ‘on top’ of the network itself like mobile phone apps do in the 4G world and are not created by mobile network operators.
- This ‘over-the-top’ activity may lead to a significant increase in the volume of data privacy work requiring more staff, resources, training and awareness for both organisations and regulators.
- As 5G is typically deployed in wealthier cities before it is deployed to poorer cities or rural areas, any insights from 5G network data or data from applications may contain an inherent bias reflecting wealthier metropolitan populations. Organisations should be aware of this when developing products and services or leveraging machine learning algorithms.
Edge computing and network resources
- Mobile network operators could make 5G network resources, such as edge computing, storage and analytics capabilities, available to business customers. Mobile edge computing (MEC) is essential to the low-latency use cases that form an integral part of 5G. For example, sports event organisers may want to provide slow-motion videos or augmented reality content to people in the stadium. This could be achieved by storing the content related to the game in MEC servers closest to the stadium. Similarly, a factory may collect data from sensors, vehicles, wearable devices and drones used in the factory and process these locally, helping it to operate more efficiently.
- The ability to process data in the network edge in which it has been generated, could obviate the need to send the data further into or outside the network, reducing wider circulation of personal data than is necessary.
- It is important to distinguish between the content data which is stored locally by the MEC provider to provide the service and the communications data which would remain subject to the usual licence conditions and legal requirements.
- Information security will be enhanced in 5G. Encryption and authentication throughout the networks will ensure that sender and receiver have established trust and that the end-to-end relationship is secured.
- Having virtual network components means that core network operations may be performed through functions outside the operator network, e.g. the cloud, which can complicate the supply chain and liability chain but also present an opportunity. A virtualised, software-driven architecture can also mean that network elements can be isolated or containerised, and vulnerabilities can be remediated quickly and remotely.
- If the physical infrastructure of 5G networks is constantly repurposed for new virtual configurations that are provided by numerous operators and potentially managed by business organisations, it could create complexity concerning who is responsible for security at any given point and who is liable for the consequences of data breaches. This requires a collaborative approach to security across the entire 5G ecosystem. Security assurance mechanisms and industry guidelines such will become increasingly important.
5G and privacy
- Enhanced connectivity brings with it new business models, innovations and a greater convergence of sectors and technologies.
- Whenever a new technology emerges, it is fair to ask whether it may give rise to new ways of collecting and processing personal data.
- While 5G represents a significant shift in the use of mobile networks, existing data privacy regimes that are technology neutral already address a wide range of uses of data collected through apps, mobile device operating systems, social media, websites and network operators. These regimes are likely to be sufficient to address the use of new 5G capabilities within the online ecosystem.
- Countries that have already adopted a smart data privacy law approach should be well-placed to deal with the risks associated with 5G. A smart data privacy laws approach is characterised by rules that are risk-based, technology and sector-neutral and promote the concept of ‘Accountability’.
- Under the principle of Accountability, organisations are encouraged to not only comply, but also be able to demonstrate how they comply through effective data governance policies and processes. For example, to conduct data privacy impact assessments, to be transparent and to avoid or mitigate the risk of harm to individuals through good ‘Privacy-by-Design’ practices.
- Privacy-by-Design regimes have always acknowledged that the context of data processing, taking all relevant circumstances into account, is what determines risk rather than the particular technology or type of data viewed in isolation.
- 5G opens up exciting new opportunities that benefit individuals in all kinds of ways, but, as with any new technology, innovations involving personal data need to be considered carefully.
- Smart data privacy laws that embrace the concept of Accountability, encourage Privacy-by-Design, are based on the identification and mitigation of risks and are sector and technology neutral are well positioned to accommodate novel use cases and deal effectively with new privacy risks.
- Evaluating new risks as 5G develops requires interests to be balanced and judgments to be made within organisations and as a society. An open, inclusive discussion regarding 5G and data privacy benefits everyone, most of all the individuals whose data may be processed.
5G use cases
New technologies and market innovation have enabled the use of 5G in innumerable ways in both the private and public sectors.
Unlocking the full potential of 5G
In these spotlight interviews, experts from Nokia, Qualcomm Communications, Signals Research Group, Verizon, ZTE and GSMA Intelligence answer questions around the potential of 5G.
Connecting vehicles in the 5G era
V2V (Vehicle-to-Vehicle) technology allows vehicles to talk to each other. Use cases include, for example, sending and receiving collision warnings at traffic turns and intersections…
Manufacturing and 5G
Many manufacturers are installing private mobile networks that capture flows of data and monitor the end-to-end production processes allowing them to respond to changes rapidly.
Safety, privacy and security across the mobile ecosystem2nd November 2022
This report takes each of the major issues of consumer protection, privacy, public safety and infrastructure security in turn. It highlights the potential issues, what…
Cross-Border Data Flows: The impact of data localisation on IoT18th January 2021
The Internet of Things (IoT) transforms business, energises communities and empowers individuals. It can also benefit countries through increased productivity, employment, exports, energy efficiency and…