Analyzing Privacy Risk in Human Mobility Data

  • Roberto Pellungrini
  • Luca Pappalardo
  • Francesca Pratesi
  • Anna Monreale
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11176)


Mobility data are of fundamental importance for understanding the patterns of human movements, developing analytical services and modeling human dynamics. Unfortunately, mobility data also contain individual sensitive information, making an accurate privacy risk assessment necessary for the individuals involved. In this paper, we propose a methodology for assessing privacy risk in human mobility data. Given a set of individual and collective mobility features, we define the minimum data format necessary for the computation of each feature and we define a set of possible attacks on these data formats. We perform experiments computing the empirical risk in a real-world mobility dataset, and show how the distributions of the considered mobility features are affected by the removal of individuals with different levels of privacy risk.



Funded by the European project SoBigData (Grant Agreement 654024).



Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Roberto Pellungrini (1)
  • Luca Pappalardo (2)
  • Francesca Pratesi (1, 2)
  • Anna Monreale (1), email author

  1. Department of Computer Science, University of Pisa, Pisa, Italy
  2. ISTI-CNR, Pisa, Italy
