Collective location statistics release with local differential privacy

Abstract

Location statistics collective release provides essential information to understand crucial phenomena, including points of interest and movement patterns. Sharing location statistics without compromising users’ privacy is critical. The new standard method for calculating private statistical information is differential privacy. Several research works focus on the centralized environment where individuals share their real data with a trusted curator. To calculate private statistics, the trusted curator then adds carefully measured noise. However, this centralized approach is susceptible to privacy breaches in which, by targeting the trustworthy curator, an adversary accesses the true data. By enabling every individual to perturb their records before reaching the curator, local differential privacy overcomes this form of attack. However, the fundamental challenge is that existing local differential privacy algorithms degrade the privacy guarantee when data collection spans over time. Therefore, a methodology to allocate the privacy budget over multiple timestamps is needed to achieve a collective location statistics release. In this paper, using a sliding window approach, we tackle the issue of releasing location statistics with local differential privacy over multiple timestamps. We develop a privacy budget allocation methodology to release collective location statistics with formal local differential privacy proof. Then, we present an approximation strategy to share the closest private statistics to the current timestamp. This strategy optimizes the released statistics’ utility. We demonstrate our solution enables collective location statistics release with a robust privacy guarantee on two datasets (real-time counts of nearby users and historical counts of bike owners close to each bike station).