Mechanisms to Address Different Privacy Requirements for Users and Locations

The significance of individuals' location information has been increasing recently, and the utilization of such data has become indis-pensable for businesses and society. The possible uses of location informa-tion include personalized services (maps, restaurant searches and weather forecast services) and business decisions (deciding where to open a store). However, considering that the data could be exploited, users should add random noise using their terminals before providing location data to collec-tors. In numerous instances, the level of privacy protection a user requires depends on their location. Therefore, in our framework, we assume that users can specify different privacy protection requirements for each loca-tion utilizing the adversarial error (AE), and the system computes a mech-anism to satisfy these requirements. To guarantee some utility for data analysis, the maximum error in outputting the location should also be out-put. In most privacy frameworks, the mechanism for adding random noise is public; however, in this problem setting, the privacy protection require-ments and the mechanism must be confidential because this information includes sensitive information. We propose two mechanisms to address privacy personalization. The first mechanism is the individual exponential mechanism, which uses the exponential mechanism in the differential pri-vacy framework. However, in the individual exponential mechanism, the maximum error for each output can be used to narrow down candidates of the actual location by observing outputs from the same location multiple times. The second mechanism improves on this deficiency and is called the donut mechanism, which uniformly outputs a random location near the location where the distance from the user's actual location is at the user-specified AE distance. Considering the potential attacks against the idea of donut mechanism that utilize the maximum error, we extended the mech-anism to counter these attacks. We compare these two mechanisms by experiments using maps constructed from artificial and real world data.