PLDP-TD: Personalized-location differentially private data analysis on trajectory databases.

The ubiquity of location-aware mobile devices and information systems has made it possible to collect large amounts of movement data such as trajectories of moving objects. However, it must be carefully managed to ensure that the privacy of each moving object or sensitive location is guaranteed. In this paper, we investigate how different locations of a geographical map can meet their individual privacy protection requirements using differential privacy (DP). More specifically, we aim to guarantee that the inclusion of any trajectory data record in a trajectory database does not substantially increase the risk to its privacy, while ensuring the required level of privacy protection for each location. To achieve this, we introduce the concept of personalized-location differential privacy (PLDP) for trajectory databases, and devise a differentially private algorithm, called PLDP-TD, that implements this new concept. PLDP-TD makes use of a so-called personalized noisy trajectory tree, which is constructed from the underlying trajectory database to answer statistical queries in a differentially private way. We propose novel strategies for privacy level assignment and personal privacy budget allocation to nodes of the personalized noisy trajectory tree. In addition, we enforce some consistency constraints on the personalized noisy trajectory tree to make it consistent such that the noisy count of each non-leaf node is equal to the sum of its children’s noisy counts, while minimizing the total distance of consistent noisy counts from their original noisy counts. Extensive experiments demonstrate that PLDP-TD substantially decreases the average relative error of query answers (up to 52 percent) in comparison to traditional differentially private algorithms.