Co-utility pp 139-151

Self-enforcing Collaborative Anonymization via Co-utility

  • Jordi Soria-Comas
  • Josep Domingo-Ferrer
Part of the Studies in Systems, Decision and Control book series (SSDC, volume 110)


In surveys collecting individual data (microdata), each respondent is usually required to report values for a set of attributes. If some of these attributes contain sensitive information, the respondent must trust the collector not to make any inappropriate use of the data and, in case any data are to be publicly released, to properly anonymize them to avoid disclosing sensitive information. If the respondent does not trust the data collector, she may report inaccurately or report nothing at all. To reduce the need for trust, local anonymization is an alternative whereby each respondent anonymizes her data prior to sending them to the data collector. However, local anonymization by each respondent without seeing other respondents’ data makes it hard to find a good trade-off minimizing information loss and disclosure risk. In this chapter, we detail a distributed anonymization approach where users collaborate to attain an appropriate level of disclosure protection (and, thus, of information loss). Under our scheme, the final anonymized data are only as accurate as the information released by each respondent; hence, no trust needs to be assumed towards the data collector or any other respondent. Further, if respondents are interested in forming an accurate data set, the proposed collaborative anonymization protocols are self-enforcing and co-utile [3, 5].



Funding by the Templeton World Charity Foundation (grant TWCF0095/AB60 “CO-UTILITY”) is gratefully acknowledged. Also, partial support to this work has been received from the Government of Catalonia (ICREA Acadèmia Prize to J. Domingo-Ferrer and grant 2014 SGR 537), the Spanish Government (projects TIN2014-57364-C2-1-R “SmartGlacis”, TIN2015-70054-REDC and TIN2016-80250-R “Sec-MCloud”) and the European Commission (projects H2020-644024 “CLARUS” and H2020-700540 “CANVAS”). The authors are with the UNESCO Chair in Data Privacy, but the views in this work are the authors’ own and are not necessarily shared by UNESCO or any of the funding bodies.


  1. Agrawal, S., Haritsa, J.R.: A framework for high-accuracy privacy-preserving mining. In: Proceedings of the 21st International Conference on Data Engineering, pp. 193–204 (2005)
  2. Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: Proceedings of the 13th Conference on USENIX Security Symposium, pp. 21–21. CA, USA, Berkeley (2004)
  3. Domingo-Ferrer, J., Martínez, S., Sánchez, D., Soria-Comas, J.: Co-utility: self-enforcing protocols for the mutual benefit of participants. Eng. Appl. Artif. Intell. 59, 148–158 (2017)
  4. Domingo-Ferrer, J., Muralidhar, K.: New directions in anonymization: permutation paradigm, verifiability by subjects and intruders, transparency to users. Inf. Sci. 337–338, 11–24 (2015)
  5. Domingo-Ferrer, J., Sánchez, D., Soria-Comas, J.: Co-utility: self-enforcing collaborative protocols with mutual help. Prog. Artif. Intell. 5(2), 105–110 (2016)
  6. Domingo-Ferrer, J., Sanchez, D., Soria-Comas, J.: Database Anonymization: Privacy Models, Data Utility, and Microaggregation-based Inter-model Connections. Morgan & Claypool, San Rafael (2016)
  7. Domingo-Ferrer, J., Soria-Comas, J.: Anonymization in the time of big data. In: Privacy in Statistical Databases-PSD 2016, LNCS 9867, pp. 105–116. Springer, Berlin (2016)
  8. Domingo-Ferrer, J., Torra, V.: Ordinal, continuous and heterogeneous k-anonymity through microaggregation. Data Min. Knowl. Discov. 11(2), 195–212 (2005)
  9. Goldreich, O.: Foundations of Cryptography, vol. 1, Basic Tools. Cambridge University Press, Cambridge (2001)
  10. Hundepool, A., Domingo-Ferrer, J., Franconi, L., Giessing, S., Nordholt, E.S., Spicer, K., de Wolf, P.-P.: Statistical Disclosure Control. Wiley, London (2012)
  11. Jiang, W., Clifton, C.: Privacy-preserving distributed k-anonymity. In: Proceedings of the 19th Annual IFIP WG 11.3 Working Conference on Data and Applications Security-DBSec 2005, LNCS 3654, pp. 166–177. Springer, Berlin (2005)
  12. Jiang, W., Clifton, C.: A secure distributed framework for achieving k-anonymity. VLDB J. 15(4), 316–333 (2006)
  13. Jurczyk, P., Xiong, L.: Distributed anonymization: achieving privacy for both data subjects and data providers. In: Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security-DBSec 2009, LNCS 5645, pp. 191–207. Springer, Berlin (2009)
  14. LeFevre, K., DeWitt, D.J., Ramakrishnan, R.: Incognito: efficient full-domain k-anonymity. In: Proceedings of the 2005 ACM SIGMOD International Conference on Management of Data, pp. 49–60. NY, USA, New York (2005)
  15. LeFevre, K., DeWitt, D.J., Ramakrishnan, R.: Mondrian multidimensional k-anonymity. In: Proceedings of the 22nd International Conference on Data Engineering, Washington, DC, USA (2006)
  16. Muralidhar, K., Sarathy, R., Domingo-Ferrer, J.: Reverse mapping to preserve the marginal distributions of attributes in masked microdata. In: Domingo-Ferrer, J. (ed.) Privacy in Statistical Databases, LNCS 8744, pp. 105–116. Springer, Berlin (2014)
  17. Samarati, P., Sweeney, L.: Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. In: Proceedings of the IEEE Symposium on Research in Security and Privacy (1998)
  18. Sánchez, D., Martínez, S., Domingo-Ferrer, J.: Comment on ‘Unique in the shopping mall: on the reidentificability of credit card metadata’. Science 351, 1274 (2016)
  19. Song, C., Ge, T.: Aroma: a new data protection method with differential privacy and accurate query answering. In: Proceedings of the 23rd ACM International Conference on Conference on Information and Knowledge Management, pp. 1569–1578. NY, USA, New York (2014)
  20. Soria-Comas, J., Domingo-Ferrer, J.: Probabilistic k-anonymity through microaggregation and data swapping. In: Proceedings of the IEEE International Conference on Fuzzy Systems, pp. 1–8 (2012)
  21. Soria-Comas, J., Domingo-Ferrer, J.: Big data privacy: challenges to privacy principles and models. Data Sci. Eng. 1(1), 21–28 (2015)
  22. Soria-Comas, J., Domingo-Ferrer, J.: Co-utile collaborative anonymization of microdata. In: Modeling Decisions for Artificial Intelligence-MDAI 2015, LNCS 9321, pp. 192–206. Springer, Berlin (2015)
  23. Wang, K., Fung, B.C.M., Dong, G.: Integrating private databases for data analysis. In: Proceedings of IEEE International Conference on Intelligence and Security Informatics, pp. 171–182. Atlanta GA (2005)
  24. Warner, S.L.: Randomized response: a survey technique for eliminating evasive answer bias. J. Am. Stat. Assoc. 60(309), 63–69 (1965)
  25. Xiao, X., Tao, Y.: Anatomy: simple and effective privacy preservation. In: Proceedings of the 32nd International Conference on Very Large Data Bases, pp. 139–150 (2006)
  26. Xiao, X., Tao, Y.: Personalized privacy preservation. In: Proceedings of the 2006 ACM SIGMOD International Conference on Management of Data, pp. 229–240. NY, USA, New York (2006)

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  1. UNESCO Chair in Data Privacy, Department of Computer Science and Mathematics, Universitat Rovira i Virgili, Tarragona, Catalonia, Spain
