Locational privacy: a new challenge for geographic information science

Jonathan Raper
http://www.soi.city.ac.uk/~raper
raper@soi.city.ac.uk

The impact of LBS on GIS
  • GIS make LBS functionally possible
  • LBS are a rapidly growing part of GIS
  • BUT, LBS and GIS are qualitatively different
  • The experience of Hypergeo and Webpark IST projects demonstrates this
LBS will be personal GIS
  • Individual mapping in real time
  • Interactive guide adapted to your preferences
  • Geographic information retrieval
  • Tracking service?
  • Geographic diary linked to e.g. your camera
Streams of data
  • Current position
  • Location, time of transactions
  • Movement trends

A 10km car journey at 1 minute sampling interval

  • Lots of GIS functionality to offer LBS
    • Context-aware mapping
    • Proximity searches
    • Routing
    • Spatio-temporal data mining
  • Must persuade users to allow us to provide it
  • Must also persuade users to allow us to collect data
  • Need to demonstrate that we are responsible with LBS data
User power
  • Need to put the users in control
  • Webpark study of 1200 potential LBS users:
    • 31% would like to get all information by request (pull)
    • 26% want to define the way they get information (pull+controlled push)
    • 18% would be prepared to have safety info pushed
    • 6% prepared to have all kinds of information pushed
  • Providing and managing push and pull modes at user discretion makes new demands on GIS
  • LBS and GIS are different functionally and in terms of the relationship between user and producer
GIS vs LBS
  • GIS: collected data / LBS: generated data
  • GIS: offline / LBS: real time
  • GIS: analysis oriented / LBS: transaction oriented
  • GIS: B2B / LBS: B2C
  • GIS: professionals / LBS: public
  • GIS: aggregated data / LBS: personal data

LBS can only develop within a privacy framework

  • What is privacy?
    • an individual human right preventing intrusion, appropriation, breach of confidence
  • ECHR: Article 8: right to respect for private/family life
    • 1. Everyone has the right to respect for their private and family life, their home and their correspondence
    • 2. There shall be no interference by a public authority with the exercise of this right except ... in accordance with the law and (as) is necessary in a democratic society
  • Data protection
    • European Directive (95/46/EC)
Information privacy
  • What is privacy in information?
  • Human rights (ECHR)
    • Private communication (needs encryption?)
    • Authentication of identity/ right to anonymity
  • Data protection (EU Directive 95/46/EC)
    • Fairly and lawfully processed
    • Processed for limited purposes and according to rights
    • Adequate, relevant and not excessive
    • Accurate and secure
    • Not kept longer than necessary
    • Not transferred to third countries without protection
Information privacy provisions
  • Dutch Constitution Article 10 (2):
    • Rules to protect privacy shall be laid down by Act of Parliament in connection with the recording and dissemination of personal data
  • Spanish Constitution Article 18 (4):
    • The law shall limit the use of data processing in order to guarantee the honour and personal and family privacy of citizens and the full exercise of their rights
  • Canadian Personal Information Protection and Electronic Documents Act 2001
  • US Bill of Rights- privacy ‘implicit’: Supreme Court
Sensitive data
  • Data Protection Directive as implemented in all EU states gives extra protection to ‘sensitive data’ requiring explicit informed consent to release
    • Racial
    • Political
    • Health
    • Religious
    • Trade union affiliation
  • BUT: Location ‘traffic’ data is not defined ‘sensitive’
    • Can be used in compliance with general principles
Use of location ‘traffic’ data
  • More than half the population of the UK carries a tracking device. Its records can be accessed by police officers, intelligence authorities, customs officials and Inland Revenue inspectors. Crimes, unpaid taxes or government dues can be investigated using this information. The data is held for several months: in some cases, for several years. We carry these devices voluntarily. They are called mobile phones.
  • Guardian, London, November 29th, 2001
How sensitive is location?
  • For some, very:
    • Those in fear of harassment
  • For some, not at all
    • Exhibitionists e.g. gpsdrawing.com
  • There is though a natural suspicion of services
    • A survey at personalisation.org suggested that <50% of people were prepared to give personal information to service providers
  • There is tolerance of mobile phone location data
    • At current levels of accuracy (between 50m & 20km)
    • At future levels of accuracy (5-20m), then perhaps not?
Jonathan’s weekly movement


[Figure legend: each colour = 1 day; darker = later in the day]

Implications for LBS data
  • Security- how is identity verified? Who has device?
  • Consent- to whom can streams of data be given?
  • Usage- how can the data be processed?
  • Linkage- with what can this data be linked?
  • Inference- what can be stored in the profile?
  • Limits on transfers of data
  • Privacy issues must be addressed by LBS
Spatio-temporal data mining

Processing location data:

Location trends knowledge discovery tool from Hypergeo

Locational behaviour analysis
  • Where you are usually (envelopes)
  • Guess current activity (movement styles)
  • Locational profile defines geographic relevance
    • Movement- direction, minimum effort direction
    • Constraint- path options, accessibility, perspective
    • Association- contiguity, place
    • Setting- what has influence over, focus
  • Geographic relevance defines spatial privacy as the inverse?
Transaction logging example



[Figure labels: Transaction log; Transaction profile; Electoral roll]







Locational profiling


[Figure: location data plotted over poverty map]

Locational privacy
  • Locational persona- identity defined by location?
    • GIS/LBS should explore this hypothesis
  • Access to tracking- only for applications + consent?
    • Which applications are compelling enough?
  • Resolution- how much resolution is sensitive?
    • Once resolution reaches ‘street level’
  • Locational profiling
    • Home range distinction, conjectured activity by movement?
  • Information needs
    • geographic patterns in requests revealed?
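
The resolution and retention points above, as an added example (not from the original slides): a sketch that limits a stream of position fixes to a chosen grid resolution and maximum age before it is stored. The function names, the grid scheme and the sample journey are assumptions constructed for illustration; the 20 m and 20 km cell sizes echo the accuracy ranges quoted in the slides.

```python
import math

M_PER_DEG_LAT = 111_320.0  # approximate metres per degree of latitude

def coarsen(lat, lon, cell_m):
    """Map a position to the (row, col) index of a cell_m-sized grid cell."""
    dlat = cell_m / M_PER_DEG_LAT
    row = math.floor(lat / dlat)
    # Longitude degrees shrink with latitude; size them at the row's centre
    # so every fix in one row uses the same column width.
    lat_centre = (row + 0.5) * dlat
    dlon = cell_m / (M_PER_DEG_LAT * math.cos(math.radians(lat_centre)))
    return row, math.floor(lon / dlon)

def minimise(fixes, cell_m, now, max_age_s):
    """Apply retention and resolution limits to (unix_time, lat, lon) fixes.

    Returns the sequence of grid cells visited, with consecutive repeats
    collapsed, so the stored record is no finer than cell_m.
    """
    cells = []
    for t, lat, lon in fixes:
        if now - t > max_age_s:
            continue  # not kept longer than necessary
        cell = coarsen(lat, lon, cell_m)
        if not cells or cells[-1] != cell:
            cells.append(cell)
    return cells

def constructed_journey():
    """Constructed sample: ~10 km drive, one fix per minute (11 fixes)."""
    return [(60 * i, 51.40 + 0.009 * i, -0.100 + 0.002 * i) for i in range(11)]

if __name__ == "__main__":
    track = constructed_journey()
    for cell_m in (20, 20_000):  # street-level vs. coarse accuracy
        kept = minimise(track, cell_m, now=600, max_age_s=3600)
        print(f"{cell_m:>6} m grid: {len(kept)} distinct cells stored")
```

At street-level resolution every fix of the journey survives as its own cell, while at 20 km the whole journey collapses to a single cell, which is the difference the slide's resolution question turns on.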
Agenda for GI/LBS research
  • LBS require personal data safeguards
  • Need to engage with consumer world view
  • Browsing, retrieving and analysing GI
  • (locational) privacy pragmatism?
  • How to sell GIS functionality for micropayments?