The increasing amount of spatio-temporal data from mobile devices and individual participation can help drive domains such as environmental monitoring, health care, and urban planning. Spatio-temporal data can be individually identifiable, which has led to attempts to provide differential privacy for such data. But such data breaks differential privacy guarantees because of its inherent correlation. Previous works have ensured sufficient privacy through synthetic data release and low privacy budgets. Unfortunately, the lack of aggregation options in the data release approach weakens both analyst utility and the protection of users and their data in the interactive query setting. We propose acceptable error (AE) and range count (RC) query algorithms. RCs ensure a stronger level of differential privacy than AEs, but typically consume a greater privacy budget. We additionally propose two query data access mechanisms: data access policies (DAPs), which grant or limit data access, and data access degrees (DADs), which specify the allowed amount of data leakage. We propose a privacy-preserving system that implements these aggregation options to securely store and aggregate sensitive user trajectory data. Our goal is to incentivize users to participate in spatio-temporal aggregations while safely providing valuable data to analysts across a multitude of domains.
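The following is an added illustration, not the paper's AE or RC algorithms: a budget-tracked range count over constructed trajectory rows using the Laplace mechanism. It shows why correlation matters in the interactive setting, since a user who contributes several points inside one box raises the query's sensitivity, so protecting whole users (the stronger guarantee) costs more noise or more budget than protecting single events. The bounding-box query shape, the user-level sensitivity rule and the budget accountant are assumptions for this example.

```python
import math
import random
from collections import defaultdict

# Constructed sample of trajectory rows: (user_id, lat, lon, t).
# Each user contributes several correlated points over time.
TRAJECTORIES = [
    ("u1", 37.77, -122.42, 1), ("u1", 37.78, -122.41, 2), ("u1", 37.79, -122.40, 3),
    ("u2", 37.70, -122.50, 1), ("u2", 37.71, -122.49, 2),
    ("u3", 37.78, -122.42, 5),
]

def in_range(pt, box):
    """box = (lat0, lat1, lon0, lon1, t0, t1), all bounds inclusive."""
    _, lat, lon, t = pt
    lat0, lat1, lon0, lon1, t0, t1 = box
    return lat0 <= lat <= lat1 and lon0 <= lon <= lon1 and t0 <= t <= t1

def range_count_sensitivity(rows, box, user_level=True):
    # Event-level DP: removing one point changes the count by at most 1.
    # User-level DP: removing one user changes it by that user's points in
    # the box, so correlated multi-point trajectories raise the sensitivity.
    if not user_level:
        return 1
    per_user = defaultdict(int)
    for pt in rows:
        if in_range(pt, box):
            per_user[pt[0]] += 1
    return max(per_user.values(), default=1)

def noise_scale(sensitivity, epsilon):
    # Laplace mechanism: scale b = sensitivity / epsilon.
    return sensitivity / epsilon

class BudgetedRangeCount:
    def __init__(self, rows, total_epsilon, rng=None):
        self.rows, self.remaining = rows, total_epsilon
        self.rng = rng or random.Random(0)  # seeded only for reproducibility

    def exact_count(self, box):
        return sum(1 for pt in self.rows if in_range(pt, box))

    def query(self, box, epsilon, user_level=True):
        # Refuse queries that would overspend the analyst's total budget.
        if epsilon <= 0 or epsilon > self.remaining:
            raise PermissionError("privacy budget exhausted")
        self.remaining -= epsilon
        b = noise_scale(range_count_sensitivity(self.rows, box, user_level), epsilon)
        u = self.rng.random() - 0.5  # inverse-CDF sample of Laplace(0, b)
        u = 0.0 if u == -0.5 else u
        return self.exact_count(box) - b * math.copysign(1.0, u) * math.log(1 - 2 * abs(u))
```

With the sample above, a box covering user u1's three points has sensitivity 3 under user-level protection but 1 under event-level protection, so the same epsilon yields three times the noise scale.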