%0 Conference Proceedings
%T Longitudinal Collection and Analysis of Mobile Phone Data with Local Differential Privacy
%+ Université Bourgogne Franche-Comté [COMUE] (UBFC)
%+ Université Antonine (UA)
%+ School of computing [Singapore] (NUS)
%A Arcolezi, Héber, H.
%A Couchot, Jean-François
%A Bouna, Bechara, Al
%A Xiao, Xiaokui
%Z Part 2: Selected Student Papers
%< avec comité de lecture
%( IFIP Advances in Information and Communication Technology
%B 15th IFIP International Summer School on Privacy and Identity Management (Privacy and Identity)
%C Maribor, Slovenia
%Y Michael Friedewald
%Y Stefan Schiffner
%Y Stephan Krenn
%I Springer International Publishing
%3 Privacy and Identity Management
%V AICT-619
%P 40-57
%8 2020-09-21
%D 2020
%R 10.1007/978-3-030-72465-8_3
%K Local differential privacy
%K Call detail records
%K Mobility analytics
%K Multi-dimensional data
%K Mobile phone data
%Z Computer Science [cs]Conference papers
%X Longitudinal studies of human mobility could allow an understanding of human behavior on a vast scale. Mobile phone data call detail records (CDRs) have emerged as a prospective data source for such an important task. Nevertheless, there are significant risks when it comes to collecting this type of data, as human mobility has proven to be quite unique. Because CDRs are produced through the connection of mobile phones with mobile network operators’ (MNOs) antennas, it means that users cannot sanitize their data. Once MNOs intend to use such a data source for human mobility analysis, data protection authorities such as the CNIL (in France) recommends that data be sanitized on the fly instead of collecting raw data and publishing private output at the end of the analysis. Local differential privacy (LDP) mechanisms are currently applied during the process of data collection to preserve the privacy of users. In this paper, we propose an efficient privacy-preserving LDP-based methodology to collect and analyze multi-dimensional data longitudinally through mobile connections. In our proposal, rather than regarding users as unique IDs, we propose a generic scenario where one directly collects users’ sensitive data with LDP. The intuition behind this is collecting generic values, which can be generated by many users (e.g., gender), allowing a longitudinal study. As we show in the results, our methodology is very appropriate for this scenario, achieving accurate frequency estimation in a multi-dimensional setting while respecting some major recommendations of data protection authorities such as the GDPR and CNIL.
%G English
%Z TC 9
%Z TC 11
%Z WG 9.2
%Z WG 9.6
%Z WG 11.7
%Z WG 11.6
%2 https://inria.hal.science/hal-03703765/document
%2 https://inria.hal.science/hal-03703765/file/498598_1_En_3_Chapter.pdf
%L hal-03703765
%U https://inria.hal.science/hal-03703765
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC9
%~ IFIP-TC11
%~ IFIP-WG9-2
%~ IFIP-WG9-6
%~ IFIP-WG11-7
%~ IFIP-WG11-6
%~ ANR
%~ IFIP-AICT-619
%~ IFIP-PRIVACY-AND-IDENTITY