Local Differential Privacy Mechanisms for Frequency Estimation with Application to Mobility Data

Differential Privacy is a powerful mathematical tool that is applied to data allowing aggregate statistics to be released while protecting each individual’s privacy. These aggregate statistics allow for information to be inferred about a population. In this work, we will focus on frequency estimation particularly on origin-destination commuting data. Origin-destination commuting data is sensitive due to its association with individual locations and it is under the protection of the General Data Protection Regulation (GDPR). Despite this sensitive nature, this data plays a crucial role in a number of scenarios such as the planning of public transportation systems. A solution to this problem is to use differential privacy to add noise in a controlled way to the dataset. The aim is to strike a balance between ensuring individuals privacy while maximising utility of the data. Origin-Destination commuting happens on many hierarchical levels. Commuting occurs country to country, county to county, city to city and so forth. A characteristic of origin-destination commuting data is vast datasets with numerous potential journeys, many of which remain unused, resulting in highly sparse data. Our in-depth analysis will examine a number of differentially private mechanisms. Two categories of differentially private techniques will be studied namely central differential privacy and local differential privacy. The errors of the various mechanisms will be analysed. We will present the benefits of each mechanism and preform experiments on an origin-commuting dataset. We will investigate the the trade-offs between different differentially private mechanisms.