Co-utile Collaborative Anonymization of Microdata

  • Jordi Soria-Comas
  • Josep Domingo-Ferrer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9321)


In surveys collecting individual data (microdata), each respondent is usually required to report values for a set of attributes. If some of these attributes contain sensitive information, the respondent must trust the collector not to make any inappropriate use of the data and, in case any data are to be publicly released, to properly anonymize them to avoid disclosing sensitive information. If the respondent does not trust the data collector, she may report inaccurately or report nothing at all. The reduce the need for trust, local anonymization is an alternative whereby each respondent anonymizes her data prior to sending them to the data collector. However, local anonymization by each respondent without seeing other respondents’ data makes it hard to find a good trade-off minimizing information loss and disclosure risk. We propose a distributed anonymization approach where users collaborate to attain an appropriate level of disclosure protection (and, thus, of information loss). Under our scheme, the final anonymized data are only as accurate as the information released by each respondent; hence, no trust needs to be assumed towards the data collector or any other respondent. Further, if respondents are interested in forming an accurate data set, the proposed collaborative anonymization protocols are self-enforcing and co-utile.


Information security and privacy Utility and decision theory Co-utility 


Acknowledgments and Disclaimer

The following funding sources are gratefully acknowledged: Templeton World Charity Foundation (grant TWCF0095/AB60 “CO-UTILITY”), Government of Catalonia (ICREA Acadèmia Prize to the second author and grant 2014 SGR 537), Spanish Government (project TIN2011-27076-C03-01 “CO-PRIVACY”), European Commission (projects FP7 “DwB”, FP7 “Inter-Trust” and H2020 “CLARUS”). The second author leads the UNESCO Chair in Data Privacy. The views in this paper are the authors’ own and do not necessarily reflect the views of the Templeton World Charity Foundation or UNESCO.


  1. 1.
    Agrawal, S., Haritsa, J.R.: A framework for high-accuracy privacy-preserving mining. In: Proceedings of the 21st International Conference on Data Engineering (ICDE 2005), pp. 193–204. IEEE (2005)Google Scholar
  2. 2.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. Naval Research Lab, Washington DC (2004)Google Scholar
  3. 3.
    Domingo-Ferrer, J., Muralidhar, K.: New directions in anonymization: permutation paradigm, verifiability by subjects and intruders, transparency to users. CoRR, abs/1501.04186 (2015)Google Scholar
  4. 4.
    Domingo-Ferrer, J., Soria-Comas, J., Ciobotaru, O.: Co-utility: self-enforcing protocols without coordination mechanisms. In: Proceeding of the 5th International Conference on Industrial Engineering and Operations Management (IEOM 2015), pp. 1–7. IEEE (2015)Google Scholar
  5. 5.
    Domingo-Ferrer, J., Torra, V.: Ordinal, continuous and heterogeneous k-anonymity through microaggregation. Data Min. Knowl. Discov. 11(2), 195–212 (2005)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Goldreich, O.: Foundations of Cryptography. Basic Tools, vol. 1. Cambridge University Press, Cambridge (2001)CrossRefzbMATHGoogle Scholar
  7. 7.
    Hundepool, A., Domingo-Ferrer, J., Franconi, L., Giessing, S., Nordholt, E.S., Spicer, K., de Wolf, P.-P.: Statistical Disclosure Control. Wiley, Chichester (2012)CrossRefGoogle Scholar
  8. 8.
    Jiang, W., Clifton, C.: Privacy-preserving distributed k-anonymity. In: Jajodia, S., Wijesekera, D. (eds.) Data and Applications Security 2005. LNCS, vol. 3654, pp. 166–177. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  9. 9.
    Jiang, W., Clifton, C.: A secure distributed framework for achieving k-anonymity. VLDB J. 15(4), 316–333 (2006)CrossRefGoogle Scholar
  10. 10.
    Jurczyk, P., Xiong, L.: Distributed anonymization: achieving privacy for both data subjects and data providers. In: Gudes, E., Vaidya, J. (eds.) Data and Applications Security XXIII. LNCS, vol. 5645, pp. 191–207. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  11. 11.
    LeFevre, K., DeWitt, D.J., Ramakrishnan, R.: Incognito: efficient full-domain k-anonymity. In: Proceedings of the 2005 ACM SIGMOD International Conference on Management of Data (SIGMOD 2005), pp. 49–60. ACM, New York (2005)Google Scholar
  12. 12.
    LeFevre, K., DeWitt, D.J., Ramakrishnan, R.: Mondrian multidimensional k-anonymity. In: Proceedings of the 22Nd International Conference on Data Engineering (ICDE 2006). IEEE Computer Society, Washington, DC (2006)Google Scholar
  13. 13.
    Muralidhar, K., Sarathy, R., Domingo-Ferrer, J.: Reverse mapping to preserve the marginal distributions of attributes in masked microdata. In: Domingo-Ferrer, J. (ed.) PSD 2014. LNCS, vol. 8744, pp. 105–116. Springer, Heidelberg (2014) Google Scholar
  14. 14.
    Samarati, P., Sweeney, L.: Generalizing data to provide anonymity when disclosing information. In: Proceedings of the 17th ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems (PODS 1998), p. 188. ACM (1998)Google Scholar
  15. 15.
    Song, C., Ge, T.: Aroma: a new data protection method with differential privacy and accurate query answering. In: Proceedings of the 23rd ACM International Conference on Conference on Information and Knowledge Management (CIKM 2014), pp. 1569–1578. ACM, New York (2014)Google Scholar
  16. 16.
    Soria-Comas, J., Domingo-Ferrer, J.: Probabilistic k-anonymity through microaggregation and data swapping. In: Proceedings of the IEEE International Conference on Fuzzy Systems (FUZZ-IEEE 2012), pp. 1–8. IEEE (2012)Google Scholar
  17. 17.
    Wang, K., Fung, B.C.M., Dong, G.: Integrating private databases for data analysis. In: Kantor, P., Muresan, G., Roberts, F., Zeng, D.D., Wang, F.-Y., Chen, H., Merkle, R.C. (eds.) ISI 2005. LNCS, vol. 3495, pp. 171–182. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  18. 18.
    Warner, S.L.: Randomized response: a survey technique for eliminating evasive answer bias. J. Am. Stat. Assoc. 60(309), 63–69 (1965)CrossRefGoogle Scholar
  19. 19.
    Xiao, X., Tao, Y.: Anatomy: simple and effective privacy preservation. In: Proceedings of the 32nd International Conference on Very Large Data Bases (VLDB 2006), pp. 139–150 (2006)Google Scholar
  20. 20.
    Xiao, X., Tao, Y.: Personalized privacy preservation. In: Proceedings of the 2006 ACM SIGMOD International Conference on Management of Data (SIGMOD 2006), New York, NY, USA, pp. 229–240 (2006)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Dept. of Computer Engineering and Mathematics, UNESCO Chair in Data PrivacyUniversitat Rovira i VirgiliTarragonaSpain

Personalised recommendations