Optimal privacy protection of mobility data: a predictive approach

Location data are extensively used to provide geo-personalized contents to mobile devices users. Sharing such personal data is a major threat to privacy, with risks of re-identification or inference of sensitive information. Location data broadcasted to services can be sanitized, i.e., by adding noise to spatial coordinates. Such protection mechanisms from the literature are widely generic, e.g., not specific to a user and mobility properties. In this work, we advocate that taking into account the specificities of location data (temporal correlation, human mobility patterns, etc.) enables to gain in the privacy-utility trade-off. Specifically, using future mobility prediction greatly improves privacy. We present a novel protection mechanism, based on model predictive control (MPC). The sanitized location is optimally computed so that it maximizes privacy while guaranteeing a utility loss constraint, for present and future locations. Our formulation explicitly takes into account non-constant sampling time, due to moments when no location data is broadcasted. We evaluate experimentally our control on real mobility dataset and compare to the state of the art. Results show that with knowledge of user's future mobility over a few of minutes, we can gain up to 10% of privacy compared to state of the art, while preserving data utility. Copyright (C) 2023 The Authors.