Privacy metrics for trajectory data based on k-anonymity, l-diversity and t-closeness

Mobility patterns of vehicles and people provide powerful data sources for location-based services such as fleet optimization and traffic flow analysis. These data, in particular pick-up/origin and drop-off/destination of vehicles, carry high privacy risk due to the semantic context spatial-temporal data encompass. Therefore, location-based service providers must balance the value they extract from trajectory data (utility), with protecting the privacy of the individuals behind those trajectories. In order to optimize this trade-off, privacy risks must be measured. Existing privacy measures for non-sequential data are not suitable for trajectory data and this paper provides an answer to this issue. We introduce a model of an adversary with imperfect knowledge that is based on the concept of equivalence classes. We then adapt standard privacy measures, i.e. k-anonymity, l-diversity and t-closeness to the peculiarities of trajectory data. Our approach to measuring trajectory privacy provides a general measure, independent of whether and what anonymization has been applied, which can be used to intuitively compare privacy of different datasets. This work is of high relevance to all service providers acting as processors of trajectory data who want to manage privacy risks and optimize the privacy vs. utility trade-off of their services.