Location statistics collective release provides essential information to understand crucial phenomena, including points of interest and movement patterns. Sharing location statistics without compromising users’ privacy is critical. The new standard method for calculating private statistical information is differential privacy. Several research works focus on the centralized environment where individuals share their real data with a trusted curator. To calculate private statistics, the trusted curator then adds carefully measured noise. However, this centralized approach is susceptible to privacy breaches in which, by targeting the trustworthy curator, an adversary accesses the true data. By enabling every individual to perturb their records before reaching the curator, local differential privacy overcomes this form of attack. However, the fundamental challenge is that existing local differential privacy algorithms degrade the privacy guarantee when data collection spans over time. Therefore, a methodology to allocate the privacy budget over multiple timestamps is needed to achieve a collective location statistics release. In this paper, using a sliding window approach, we tackle the issue of releasing location statistics with local differential privacy over multiple timestamps. We develop a privacy budget allocation methodology to release collective location statistics with formal local differential privacy proof. Then, we present an approximation strategy to share the closest private statistics to the current timestamp. This strategy optimizes the released statistics’ utility. We demonstrate our solution enables collective location statistics release with a robust privacy guarantee on two datasets (real-time counts of nearby users and historical counts of bike owners close to each bike station).

位置统计数据集体发布提供了了解关键现象的必要信息，包括兴趣点和运动模式。在不损害用户隐私的情况下共享位置统计数据至关重要。计算私有统计信息的新标准方法是差分隐私。一些研究工作关注集中式环境，在该环境中，个人与可信赖的策展人共享其真实数据。为了计算私人统计数据，受信任的策展人会添加仔细测量的噪音。然而，这种集中式方法容易受到隐私泄露的影响，在这种情况下，攻击者通过瞄准值得信赖的策展人来访问真实数据。通过让每个人在到达策展人之前扰乱他们的记录，本地差异隐私克服了这种形式的攻击。然而，根本的挑战是，当数据收集时间跨度大时，现有的本地差分隐私算法会降低隐私保证。因此，需要一种在多个时间戳上分配隐私预算的方法来实现集体位置统计发布。在本文中，我们使用滑动窗口方法解决了在多个时间戳上发布具有本地差异隐私的位置统计信息的问题。我们开发了一种隐私预算分配方法，以发布具有正式本地差异隐私证明的集体位置统计数据。然后，我们提出了一种近似策略来共享与当前时间戳最接近的私有统计数据。该策略优化了发布的统计数据的效用。