A fully spatial personalized differentially private mechanism to provide non-uniform privacy guarantees for spatial databases

Spatial databases are essential to applications in a wide variety of domains. One of the main privacy concerns when answering statistical queries, such as range counting queries, over a spatial database is that an adversary observing changes in query answers may be able to determine whether or not a particular geometric object is present in the database. Differential privacy addresses this concern by guaranteeing that the presence or absence of a geometric object has little effect on query answers. Most of the current differentially private mechanisms for spatial databases ignore the fact that privacy is personal and, thus, provide the same privacy protection for all geometric objects. However, some particular geometric objects may be more sensitive to privacy issues than others, requiring stronger differential privacy guarantees. In this paper, we introduce the concept of spatial personalized differential privacy for spatial databases where different geometric objects have different privacy protection requirements. Also, we present SPDP-PCE, a novel spatial personalized differentially private mechanism to answer range counting queries over spatial databases that fully considers the privacy protection requirements of geometric objects in the underlying geometric space in both steps of noise addition and consistency enforcement. Our experimental results on real datasets demonstrate the effectiveness of SPDP-PCE under various total privacy budgets, query shapes, and privacy level distributions.