Personal mobility data from mobile phones and other sensors are increasingly used to inform policymaking during pandemics, natural disasters, and other humanitarian crises. However, even aggregated mobility traces can reveal private information about individual movements to potentially malicious actors. This paper develops and tests an approach for releasing private mobility data, which provides formal guarantees over the privacy of the underlying subjects. Specifically, we (1) introduce an algorithm for constructing differentially private mobility matrices, and derive privacy and accuracy bounds on this algorithm; (2) use real-world data from mobile phone operators in Afghanistan and Rwanda to show how this algorithm can enable the use of private mobility data in two high-stakes policy decisions: pandemic response and the distribution of humanitarian aid; and (3) discuss practical decisions that need to be made when implementing this approach, such as how to optimally balance privacy and accuracy. Taken together, these results can help enable the responsible use of private mobility data in humanitarian response.